The packets sniffed by wireshark above on the successful handshake with the loadbalancer presented with a default certificate as it didn't know which certificate to present to the miner without the server_name extension.Īnyone else reading this can see the wiki page on SNI compliance. Without the server_name extension, it is impossible for the load balancer to know which service to direct the traffic.Īs you can see above, wireshark only sees the following extensions: ec_points_formats, supported_groups, session-ticket, signature_algorithms, extended_master_secret. Using wire shark to determine the current TCP extensions, under SSL, the miner should have the server_name extension added in order to properly determine the ownership service of a domain name under a single load balancer IP address. I am requesting the server_name extension be added to the T-Rex miner to be SNI compliant.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |