This is usually used by TLS terminators, which don't have an HTTP server availab... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

zinekeller on April 12, 2022 | parent | context | favorite | on: Automate Public Certificates Lifecycle Management ...

This is usually used by TLS terminators, which don't have an HTTP server available (can understand TLS but not HTTP). ALPN here is a property of TLS ClientHello which specifies the capabilities of the client, usually used to signal support for HTTP 2 but in this specific case signals that the TLS client is an ACME verier on behalf of a CA, so the TLS server only sends the validator certificate when the validators specifically requesting it (ensuring interruption-free validation). The important part here is that a TLS server is available but HTTPS is not available as it is either only a TLS terminator or something that operates a non-HTTPS TLS server (for example, RTMPS).

bogomipz on April 13, 2022 [–]

>"The important part here is that a TLS server is available but HTTPS is not available as it is either only a TLS terminator or something that operates a non-HTTPS TLS server (for example, RTMPS)."

That makes good sense. Thanks for putting it so succinctly. Cheers.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact