No, just making sure this is ok with everyone. 😉

On Tue, May 23, 2023 at 10:43 PM Masaori Koshiba <masa...@apache.org> wrote:

> Looks reasonable to me. Some configs in the sni.yaml have almost the same
> behavior, overriding records.config (yaml) from sni.yaml.
> - e.g. verify_server_policy, verify_server_properties.
>
> Do you have any concerns with this approach?
>
> — Masaori
>
> On Wed, May 24, 2023 at 5:14 AM Fei Deng <duke8...@apache.org> wrote:
>
> > Hi All,
> >
> > It's been requested that the configuration for 0-RTT early data needs to be
> > changeable per SNI. I've been working on this feature, and the following
> > example shows the changes I made. Please share your thoughts on this.
> >
> > Note:
> >
> >    1. The old config still exists, it is a general setting for all tls
> >       connections.
> >    2. sni.yaml can enable/disable 0-rtt per fqdn, this acts as an override
> >       of the general config.
> >
> > Examples:
> >
> >    1. proxy.config.ssl.server.max_early_data = 16384
> >       - blank sni.yaml -> old behavior, all connections support 0-rtt
> >       - sni.yaml specifies server_max_early_data = 0 for example.com ->
> >         0-rtt disabled for example.com, all other connections support 0-rtt
> >    2. proxy.config.ssl.server.max_early_data = 0
> >       - blank sni.yaml -> old behavior, all connections don't support
> >         0-rtt
> >       - sni.yaml specifies server_max_early_data = 16384 for example.com
> >         -> 0-rtt enabled only for example.com, all other connections don't
> >         support 0-rtt