On Wed, Jan 18, 2017 at 04:06:05PM +0000, Jeremy Harris wrote:
> It turns out that the protocol spec document is ambiguous
> and the other way about (proxy-protocol handling done
> in-clear, then TLS) is the preferred way for HAproxy.
>
> Is anyone using and relying on the current Exim implementation
> ordering? Or shall I just swap them round?
It seems unlikely that HAproxy terminates TLS, posesses certificates
for all the ultimate end-points and initiates another TLS connection
to the target service. So, as a default, I would guess that the
proxy protocol never runs inside TLS. Given the current code,
getting confirmation for the hunch from the user community before
an incompatible change seems sensible.
--
Viktor.