
WIP: https: use ALPN to notify peer about the protocol in use

Nikos Mavrogiannopoulos requested to merge nmav/openconnect:tmp-use-alpn into master

[this is opened as a trigger for discussion; do we need that?]

According to the openconnect protocol the client can notify the server of the protocol it intends to use using ALPN [0]. That could allow the server to redirect VPN requests to a different subsystem (e.g., via haproxy), in a clean way without relying on server name.

That however has the disadvantage of allowing easier VPN session tracking.

[0]. https://tools.ietf.org/html/draft-mavrogiannopoulos-openconnect-01#appendix-A

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
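
Both the routing benefit and the tracking concern in the description come from the ALPN list being sent in the ClientHello, which is cleartext unless Encrypted Client Hello is in use. The following Python code is an added example, not part of this merge request or of openconnect: it parses the ALPN extension out of a constructed ClientHello and makes the backend choice a front end could make on it. The token `example-vpn/1` is a placeholder rather than the value from the draft, and all function names are hypothetical.

```python
import struct

ALPN_EXT = 16                    # ALPN extension type (RFC 7301)
VPN_TOKEN = b"example-vpn/1"     # placeholder, NOT the token defined in the draft

def build_client_hello(protocols):
    """Constructed, minimal ClientHello record carrying only an ALPN list."""
    names = b"".join(bytes([len(p)]) + p for p in protocols)
    alpn = struct.pack("!HHH", ALPN_EXT, len(names) + 2, len(names)) + names
    body = (b"\x03\x03" + bytes(32)      # legacy version, random
            + b"\x00"                    # empty session id
            + b"\x00\x02\x13\x01"        # one cipher suite
            + b"\x01\x00"                # null compression
            + struct.pack("!H", len(alpn)) + alpn)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def alpn_from_client_hello(record):
    """Return the ALPN names offered in a single-record ClientHello, else []."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:   # handshake / ClientHello
            return []
        pos = 5 + 4 + 2 + 32                         # headers, version, random
        pos += 1 + record[pos]                       # session id
        pos += 2 + int.from_bytes(record[pos:pos + 2], "big")   # cipher suites
        pos += 1 + record[pos]                       # compression methods
        end = min(len(record), pos + 2 + int.from_bytes(record[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == ALPN_EXT:
                data, names, i = record[pos:min(pos + ext_len, end)], [], 2
                while i < len(data):                 # 1-byte length + name
                    names.append(data[i + 1:i + 1 + data[i]])
                    i += 1 + data[i]
                return names
            pos += ext_len
    except (IndexError, struct.error):               # truncated or malformed
        pass
    return []

def route(record, vpn_token=VPN_TOKEN):
    """Backend choice an ALPN-aware front end could make before decrypting."""
    return "vpn" if vpn_token in alpn_from_client_hello(record) else "web"

if __name__ == "__main__":
    hello = build_client_hello([VPN_TOKEN, b"http/1.1"])
    print(alpn_from_client_hello(hello), route(hello))
```

The same few bytes that let a proxy dispatch the connection are readable by any on-path observer, which is the session-tracking trade-off the description raises.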
