The solution to this is TLS SNI redirecting.
You can front a TLS server on port 443 and then redirect without decrypting the connection based on the SNI name to your final destination host.
But... this doesn't work for SSH, which is the problem here?
I'm not saying it's the solution I would implement, but Caddy's L4 module does let you do this, essentially using TLS as a tunnel and openssl in the proxy command to terminate it client side.
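An added example, not from any of the commenters above, of what the two setups look like together in Caddy's JSON config with the caddy-l4 app: one route matches the SNI for the SSH host, terminates TLS and hands the inner SSH stream to sshd, while a second route forwards a web host's TLS bytes untouched based on SNI alone. The hostnames and upstream addresses are constructed placeholders, and the handler and matcher names are assumed to follow the caddy-l4 JSON schema.

```json
{
  "apps": {
    "tls": {
      "certificates": {
        "automate": ["ssh.example.com"]
      }
    },
    "layer4": {
      "servers": {
        "front": {
          "listen": [":443"],
          "routes": [
            {
              "match": [{ "tls": { "sni": ["ssh.example.com"] } }],
              "handle": [
                { "handler": "tls" },
                { "handler": "proxy", "upstreams": [{ "dial": ["127.0.0.1:22"] }] }
              ]
            },
            {
              "match": [{ "tls": { "sni": ["www.example.com"] } }],
              "handle": [
                { "handler": "proxy", "upstreams": [{ "dial": ["10.0.0.5:443"] }] }
              ]
            }
          ]
        }
      }
    }
  }
}
```

The first route decrypts (hence the certificate automation entry) so sshd sees plain SSH; the second never decrypts, it only reads the ClientHello. On the client, a line such as `ProxyCommand openssl s_client -quiet -connect ssh.example.com:443` in `~/.ssh/config` wraps the SSH session in TLS so the front end can route it, and that TLS layer is what lets the SSH traffic pass a 443-only egress policy while still being logged as a distinct SNI at the proxy.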