specify multiple TLS-Ports?
wouter at nlnetlabs.nl
Thu Mar 15 14:26:16 UTC 2018
Hi Andreas, Guillaume-Jean,
Sounds useful, so I've added the option to list a number of additional
tls ports to provide tls service on. With additional-tls-port: 443
(perhaps more with more port numbers to provide tls service on) in
For other, you also need to configure an interface with the correct port
number, e.g. interface: 127.0.0.1@443
The code is in the code repository (i.e. not the just already released
Best regards, Wouter
On 15/03/18 13:54, Guillaume-Jean Herbiet via Unbound-users wrote:
> I tried the exact same setup before (with version 1.6.7 and 1.6.8) and
> can confirm this.
> In this situation first configured port is open but TLS handshake is not
> Being able to listen to several ports for TLS could be very handy to
> provide a DNS-over-TLS resolver:
> - on standard 853/tcp port
> - on 443/tcp port to offer an alternative in "hostile" networks where
> 853/tcp could be filtered.
> I think this is also what Andreas is trying to achieve.
> On 2018-03-13 14:24, A. Schulze via Unbound-users wrote:
>> is it possible to configure unbound to listen on more than one port for TLS?
>> I tried:
>> access-control: 0.0.0.0/0 allow
>> interface: 0.0.0.0
>> tls-service-pem: "/path/to/fullchain"
>> tls-service-key: "/path/to/privkey"
>> interface: 0.0.0.0@853
>> tls-port: 853
>> interface: 0.0.0.0@443
>> tls-port: 443
>> but then there is no TLS handshake possible on port 853, only on port 443
>> Removing 443 enables 853 again.
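A configuration check for the situation in this thread, as an added example that is not part of the original messages or of Unbound's own code: it parses unbound.conf text and reports interface ports that are not covered by tls-port or additional-tls-port. It assumes that a repeated tls-port line replaces the earlier value (the behaviour reported above), that tls-port defaults to 853, and that additional-tls-port may be repeated; the function name and both sample configurations are constructed.

```python
import re

# Constructed sample: the layout quoted in the thread (two tls-port lines).
BROKEN = """\
server:
    interface: 0.0.0.0@853
    tls-port: 853
    interface: 0.0.0.0@443
    tls-port: 443
"""

# Constructed sample: the same listeners using the option named in the reply.
FIXED = """\
server:
    interface: 0.0.0.0@853
    interface: 0.0.0.0@443
    tls-port: 853
    additional-tls-port: 443
"""

def tls_port_report(conf_text, default_port=53, default_tls_port=853):
    """Return (tls_ports, listeners_without_tls, overridden_tls_port_values)."""
    listeners, tls_values, extra = [], [], set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"([a-z0-9-]+):\s*(.+)$", line)  # "key: value" lines only
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if key == "interface":
            addr, _, port = value.partition("@")      # ip@port, port optional
            listeners.append((addr, int(port) if port else default_port))
        elif key == "tls-port":
            tls_values.append(int(value))
        elif key == "additional-tls-port":
            extra.update(int(p) for p in value.split())
    # Assumption: tls-port is single-valued, so only the last line takes effect.
    effective = {tls_values[-1] if tls_values else default_tls_port} | extra
    plain = [(a, p) for a, p in listeners if p not in effective]
    return sorted(effective), plain, tls_values[:-1]

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, tls_port_report(conf))
```

A non-empty second or third element in the result marks a port that is listening but would not offer TLS, which is the symptom described for port 853.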