feat(rustproxy): add protocol-based routing and backend TLS re-encryption support
This commit is contained in:
11
changelog.md
11
changelog.md
@@ -1,5 +1,16 @@
|
||||
# Changelog
|
||||
|
||||
## 2026-02-16 - 25.6.0 - feat(rustproxy)
|
||||
add protocol-based routing and backend TLS re-encryption support
|
||||
|
||||
- Introduce optional route_match.protocol ("http" | "tcp") in Rust and TypeScript route types to allow protocol-restricted routing.
|
||||
- RouteManager: respect protocol field during matching and treat TLS connections without SNI as not matching domain-restricted routes (except wildcard-only routes).
|
||||
- HTTP proxy: add BackendStream abstraction to unify plain TCP and tokio-rustls TLS backend streams, and support connecting to upstreams over TLS (upstream.use_tls) with an InsecureBackendVerifier for internal/self-signed backends.
|
||||
- WebSocket and HTTP forwarding updated to use BackendStream so upstream TLS is handled transparently.
|
||||
- Passthrough listener: perform post-termination protocol detection for TerminateAndReencrypt; route HTTP flows into HttpProxyService and handle non-HTTP as TLS-to-TLS tunnel.
|
||||
- Add tests for protocol matching, TLS/no-SNI behavior, and other routing edge cases.
|
||||
- Add rustls and tokio-rustls dependencies (Cargo.toml/Cargo.lock updates).
|
||||
|
||||
## 2026-02-16 - 25.5.0 - feat(tls)
|
||||
add shared TLS acceptor with SNI resolver and session resumption; prefer shared acceptor and fall back to per-connection when routes specify custom TLS versions
|
||||
|
||||
|
||||
Reference in New Issue
Block a user