On Thu, Apr 17, 2025 at 09:23:17AM +0200, Aleksandar Lazic wrote: > > When I take a look into that commit looks to me that some fetches are > similar from JA3 commit > https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=959a48c1167a4893796ed568d3864536e7e044f2 > > Just for my couriosity what's the difference between the > `smp_fetch_ssl_cipherlist` and `ssl_fc_cipherlist_*`. > >
Hello Aleks, This is used when the SSL traffic pass through haproxy in "mode tcp" without being deciphered. The ssl_fc_* fetches are using the OpenSSL stack to get information when HAProxy is the SSL endpoint, where the req.ssl_* are parsing the ClientHello directly when the SSL pass through. -- William Lallemand
