In our setup, we are terminating TLS traffic on Fabio. This means that Fabio is the main/only place where we know which protocol was used.
My suggestion is to add Info headers to the backend request, to facilitate logging within the application.
Current concept:
Fabio-Tls-Version: TLS12
Fabio-Tls-Cipher: 0xcca9
Fabio-Http-Protocol: h2
Because these are not really universal, I prefer to prefix them with Fabio-. The ID used for the cipher is from the IANA list:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
https://golang.org/src/crypto/tls/cipher_suites.go#L368
For enabling/disabling these headers, I propose the proxy.header.info.enabled as a boolean, defaulting to true.
Later on, we can add additional informational headers, such as what Cloudflare has done with the CF-0RTT-Unique header for TLS1.3.
I have the commits for this on my cloned branch. I'll create a pull request in a couple of days based on the input from this issue.
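An added sketch of the proposal, not code from Fabio or from the issue author: it sets the three headers from the request's TLS state and first removes any client-supplied copies, so the backend only ever logs values written by the proxy. The name `setInfoHeaders`, the `enabled` parameter standing in for `proxy.header.info.enabled`, the hex fallback for unknown versions, and the `http/1.1`-style value when no ALPN protocol was negotiated are assumptions.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"strings"
)

// Header names as proposed in the issue.
var infoHeaders = []string{"Fabio-Tls-Version", "Fabio-Tls-Cipher", "Fabio-Http-Protocol"}

// Version constants rendered in the "TLS12" style used in the issue.
var tlsNames = map[uint16]string{
	tls.VersionTLS10: "TLS10", tls.VersionTLS11: "TLS11",
	tls.VersionTLS12: "TLS12", tls.VersionTLS13: "TLS13",
}

// setInfoHeaders (hypothetical name) rewrites the info headers on the request
// that is about to be forwarded to the backend.
func setInfoHeaders(r *http.Request, enabled bool) {
	for _, h := range infoHeaders { // strip inbound copies even when disabled (assumption)
		r.Header.Del(h)
	}
	if !enabled {
		return
	}
	proto := strings.ToLower(r.Proto) // assumption: "http/1.1" when no ALPN result
	if r.TLS != nil {
		if r.TLS.NegotiatedProtocol != "" {
			proto = r.TLS.NegotiatedProtocol // e.g. "h2"
		}
		name, ok := tlsNames[r.TLS.Version]
		if !ok {
			name = fmt.Sprintf("0x%04x", r.TLS.Version) // assumption: hex fallback
		}
		r.Header.Set("Fabio-Tls-Version", name)
		r.Header.Set("Fabio-Tls-Cipher", fmt.Sprintf("0x%04x", r.TLS.CipherSuite)) // IANA ID
	}
	r.Header.Set("Fabio-Http-Protocol", proto)
}

func main() {
	r, _ := http.NewRequest("GET", "http://backend.example/", nil) // constructed request
	r.Header.Set("Fabio-Tls-Cipher", "0x0000")                     // client-supplied, must not survive
	r.TLS = &tls.ConnectionState{Version: tls.VersionTLS12, CipherSuite: 0xcca9, NegotiatedProtocol: "h2"}
	setInfoHeaders(r, true)
	fmt.Println(r.Header)
}
```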