trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <jpe...@apache.org>
Subject Re: SNI AND ATS
Date Mon, 29 Sep 2014 00:04:21 GMT

On Sep 28, 2014, at 10:15 AM, Jason Strongman <jasonstrongman2016@gmail.com> wrote:

> When you say 'incoming' request, do you mean 
> 
> 1. client to ATS ?
> or
> 2. ATS to origin ?
> 
> Based on my understanding of the multiple certificate documentation, to support this
configuration, ATS requires multiple IPs.
> Also based on my understanding, ATS does not support serving multiple certificates if
the TLS/SSL service only listens on one socket.

https://trafficserver.readthedocs.org/en/latest/reference/configuration/ssl_multicert.config.en.html

Specifically, the "Certificate Selection" section discusses how SNI requests are handled.
We support SNI using the certificate subject and and alternate names in the certificate. If
the documentation is not clear on this, I'd be happy to take patches or suggestions


> 
> 
> 
> 
> On Sun, Sep 28, 2014 at 11:26 AM, Reindl Harald <h.reindl@thelounge.net> wrote:
> 
> Am 28.09.2014 um 18:24 schrieb Jason Strongman:
> > Version - 4.2.1.1
> > Mode - Reverse Proxy
> >
> > Objective: To support multiple SSL sites, each with their own certificate, and only
use one IP/Port.
> > Does ATS support SNI for incoming requests as described in the below links?
> 
> ATS supports *only* SNI for incoming requests
> 
> 


Mime
View raw message