def tls_clienthello(self, tls_clienthello: tls.ClientHelloData):
conn_context = tls_clienthello.context
tls_clienthello.establish_server_tls_first = conn_context.server.tls and (
ctx.options.connection_strategy == "eager" or
ctx.options.add_upstream_certs_to_client_chain or
ctx.options.upstream_cert
)
def tls_clienthello(self, tls_clienthello: tls.ClientHelloData):
conn_context = tls_clienthello.context
only_non_http_alpns = (conn_context.client.alpn_offers and all(
x not in tls.HTTP_ALPNS for x in conn_context.client.alpn_offers))
tls_clienthello.establish_server_tls_first = conn_context.server.tls and (
ctx.options.connection_strategy == "eager"
or ctx.options.add_upstream_certs_to_client_chain
or ctx.options.upstream_cert and
(only_non_http_alpns or not conn_context.client.sni))
def require_server_conn(client_hello: tls.ClientHelloData) -> None:
client_hello.establish_server_tls_first = True