I've tested TLS acceleration. Not much to accelerate, as http(8) was listening on a loopback address on the same test system. TLS inspection works fine. However password prompts from the back end web server pop up a cleartext warning, as the back end server was using cleartext. I may be able to remove this with header modification, which would mean more testing.
I'm able to move my key pair from system to system, as long as the IP address resolves at the calling client system (such as with an /etc/hosts entry or a non-authoritative DNS server). I can uses my key pair with relayd. My CA will confirm OCSP queries issued by the browser, because the certificate is valid.
|