trafficserver-users mailing list archives

From Adi Mallikarjuna Reddy V <adimallikarjunare...@gmail.com>
Subject Re: SSL Protocol specific to client and server
Date Wed, 06 Jul 2016 22:18:15 GMT
When I turn off tls1 with
CONFIG proxy.config.ssl.TLSv1 INT 0
I see
openssl s_client -debug -connect example.net:443 -tls1
Fails as expected, but connection to origin also fails with 502 code.
Browser sees 502 success.

This is when I started looking at the other flags to see if turning off
tls1 at ATS affects connection to origin also.
Thanks
Adi

On Wednesday, July 6, 2016, James Peach <jpeach@apache.org> wrote:

>
> > On Jul 6, 2016, at 2:28 PM, Adi Mallikarjuna Reddy V <adimallikarjunareddy@gmail.com> wrote:
> >
> > we are trying to do
> >
> > map https://foo.com https://origin.foo.com
> >
> > where foo.com has TLSv1 disabled and origin.foo.com has TLS1 enabled.
> >
> > To achieve this I am trying to set
> > CONFIG proxy.config.ssl.TLSv1 INT 0
> > and
> > CONFIG proxy.config.ssl.client.TLSv1 INT 1
> >
> > Ideally this should make browser to ATS connection with TLS1.1 or TLS1.2 and ATS to origin on TLS1/TLS1.1/TLS1.2.
> >
> >
> > It's not working as expected.
>
> What is the behaviour you are seeing?
>
> I turned off proxy.config.ssl.TLSv1, and the following fails as expected
>         $ openssl s_client -debug -connect example.net:443 -no_tls1_1 -no_tls1_2
>
> However OpenSSL sends a 1.0 handshake if I do this:
>         $ openssl s_client -debug -connect example.net:443 -no_tls1_1
>
> I have to explicitly enable 1.2:
>         $ openssl s_client -debug -connect example.net:443 -no_tls1_1 -tls1_2
>
> J



-- 
Sent from Mobile
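
An added example, not part of the thread: a probe that offers exactly one TLS version per connection, so the ATS listener and the origin can each be checked without the `s_client` flag ambiguity described in the quoted reply. The function names, the `@SECLEVEL=0` cipher string used for legacy probes and the hostnames in the `__main__` block are assumptions made for illustration.

```python
import socket
import ssl
import warnings

VERSIONS = {"TLSv1": ssl.TLSVersion.TLSv1,
            "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2}

def pinned_context(version, cafile=None):
    """Client context that can offer exactly one protocol version."""
    ctx = ssl.create_default_context(cafile=cafile)
    with warnings.catch_warnings():
        # Newer Python warns when TLS 1.0/1.1 is selected; here that is intended.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    if version < ssl.TLSVersion.TLSv1_2:
        # Assumption: the local OpenSSL blocks TLS 1.0/1.1 through its security
        # level, which would look like a server-side refusal. Lowered for the
        # probe context only, never for production clients.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    return ctx

def probe(host, port, version, cafile=None, timeout=5.0):
    """Return 'accepted', 'rejected' or 'unreachable' for one version."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with pinned_context(version, cafile).wrap_socket(sock, server_hostname=host):
            return "accepted"
    except ssl.SSLCertVerificationError:
        # Certificate checks run after ServerHello, so the version was agreed.
        return "accepted"
    except (ssl.SSLError, OSError):
        return "rejected"  # alert, reset or timeout during the handshake
    finally:
        sock.close()

def matrix(host, port, cafile=None):
    """Probe every version in VERSIONS against one endpoint."""
    return {name: probe(host, port, v, cafile) for name, v in VERSIONS.items()}

if __name__ == "__main__":
    # Hostnames as used in the thread; replace with the real listener and origin.
    for target in ("foo.com", "origin.foo.com"):
        print(target, matrix(target, 443))
```

Run against the origin from the ATS host, this shows which versions the origin accepts; what ATS itself offers outbound is still governed by the `proxy.config.ssl.client.*` settings.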
