trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adi Mallikarjuna Reddy V <adimallikarjunare...@gmail.com>
Subject Re: SSL Protocol specific to client and server
Date Wed, 06 Jul 2016 21:28:26 GMT
we are trying to do

map https://foo.com https://origin.foo.com

where foo.com has TLSv1 disabled and origin.foo.com has TLS1 enabled.

To achieve this I am trying to set
CONFIG proxy.config.ssl.TLSv1 INT 0
and
CONFIG proxy.config.ssl.client.TLSv1 INT 1

Ideally this should make browser to ATS connection with TLS1.1 or TLS1.2
and ATS to origin on TLS1/TLS1.1/TLS1.2.


It's not working as expected.

Thanks
Adi

On Wed, Jul 6, 2016 at 2:25 PM, James Peach <jpeach@apache.org> wrote:

>
> > On Jul 6, 2016, at 12:35 PM, Adi Mallikarjuna Reddy V <
> adimallikarjunareddy@gmail.com> wrote:
> >
> > We have trafficserver setup as reverse proxy with SSL continuing up to
> origin servers. We are trying to disable TLS1 only from browser to ATS and
> continue to have TLS1 connection to origin servers.
> >
> > Here is our configuration :
> >
> > CONFIG proxy.config.ssl.SSLv2 INT 0
> >
> > CONFIG proxy.config.ssl.SSLv3 INT 0
> >
> > CONFIG proxy.config.ssl.TLSv1 INT 0
> >
> > CONFIG proxy.config.ssl.TLSv1_1 INT 1
> >
> > CONFIG proxy.config.ssl.TLSv1_2 INT 1
>
> These settings just control which TLS protocol versions will be accepted.
>
> For a reverse proxy to a TLS origin, you can do this:
>
> map http://foo.com https://origin.foo.com
>
> J

Mime
View raw message