1 Resposta
- Mais recentes
- Mais votos
- Mais comentários
0
Hello, You mention that you are trying to send SNI information to your backend by the means an ALB. As you mentioned the load balancer does not forward the SNI to the respective targets when the connection is between the load balancer and the target over TLS. The Application Load Balancer does not look for a domain name when processing the TLS handshake with the backend. It is merely there to make sure that you have a valid certificate with the accepted ciphers.
The solution to workaround it would be:
1. Use a NLB with a TCP:443 listener which would pass the SNI extension specified by the client to the targets[1].
2. Making use of ALB SNI abilities to check the Domain name and then forward to different target groups [2].
References:
[2] https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/
respondido há 2 anos
Conteúdo relevante
- AWS OFICIALAtualizada há um ano
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 6 meses