1. 10
  1. 3

    This is great! We wrote https://godoc.org/github.com/spacemonkeygo/tlshowdy (which takes a slightly different approach) to make it take even less code than 105 lines, if that helps anyone. See the Peek method (which will return the ClientHello and a new Conn with the handshake bytes restarted)

    1. 1

      It looks like multiple people are going with the same approach that lets one dispatch its request depending on the SNI header.

      I owe credit to calico whose identical idea let me do sni-shunt.

      I would be happy if that idea did spread around everywhere, as it is a nice combo.

      The actual syscall is recv(2) with the MSG_PEEK flag, which I guess Go uses for this.

      1. 1

        FYI you can use nginx ssl preread module instead, which I discovered when I needed a similar functionality. I believe Apache has something similar.