trafficserver-users mailing list archives

From James Peach <jpe...@apache.org>
Subject Re: SSL Protocol specific to client and server
Date Wed, 06 Jul 2016 22:02:39 GMT

> On Jul 6, 2016, at 2:28 PM, Adi Mallikarjuna Reddy V <adimallikarjunareddy@gmail.com> wrote:
> 
> we are trying to do
> 
> map https://foo.com https://origin.foo.com
> 
> where foo.com has TLSv1 disabled and origin.foo.com has TLS1 enabled.
> 
> To achieve this I am trying to set 
> CONFIG proxy.config.ssl.TLSv1 INT 0
> and 
> CONFIG proxy.config.ssl.client.TLSv1 INT 1
> 
> Ideally this should make browser to ATS connection with TLS1.1 or TLS1.2 and ATS to origin on TLS1/TLS1.1/TLS1.2.
> 
> 
> It's not working as expected. 

What is the behaviour you are seeing?

I turned off proxy.config.ssl.TLSv1, and the following fails as expected:
	$ openssl s_client -debug -connect example.net:443 -no_tls1_1 -no_tls1_2

However, OpenSSL sends a 1.0 handshake if I do this:
	$ openssl s_client -debug -connect example.net:443 -no_tls1_1

I have to explicitly enable 1.2:
	$ openssl s_client -debug -connect example.net:443 -no_tls1_1 -tls1_2

J
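
An added example, not part of the original message and not Traffic Server code: a small audit that reads a records.config excerpt and reports, per hop, which TLS versions are explicitly enabled, using the two setting families quoted in the thread. The `TLSv1_1` and `TLSv1_2` setting names, the helper names and the sample file are assumptions made for this example.

```python
import re

# Setting prefixes as quoted in the thread: one family for the listener that
# clients reach, one for the connections ATS opens to the origin.
SIDES = {"client_to_ats": "proxy.config.ssl.", "ats_to_origin": "proxy.config.ssl.client."}
# TLSv1 is on the page; the _1 and _2 names are the sibling ATS settings (assumed here).
VERSIONS = ("TLSv1", "TLSv1_1", "TLSv1_2")
CONFIG_LINE = re.compile(r"^\s*CONFIG\s+(\S+)\s+INT\s+(-?\d+)\s*$")

def parse_int_settings(text):
    """Collect 'CONFIG <name> INT <value>' lines; comments and other types are skipped."""
    settings = {}
    for line in text.splitlines():
        m = CONFIG_LINE.match(line)
        if m:
            # In this sketch a later line simply overwrites an earlier one.
            settings[m.group(1)] = int(m.group(2))
    return settings

def tls_matrix(text):
    """Per hop, map each version to True/False, or None when the file does not set it."""
    settings = parse_int_settings(text)
    matrix = {}
    for hop, prefix in SIDES.items():
        matrix[hop] = {v: (None if prefix + v not in settings else settings[prefix + v] != 0)
                       for v in VERSIONS}
    return matrix

def weaker_on_origin_hop(matrix):
    """Versions explicitly turned off for clients but explicitly turned on toward the origin."""
    return [v for v in VERSIONS
            if matrix["client_to_ats"][v] is False and matrix["ats_to_origin"][v] is True]

# Constructed sample that mirrors the two settings quoted in the thread.
SAMPLE = """\
# records.config excerpt (constructed)
CONFIG proxy.config.ssl.TLSv1 INT 0
CONFIG proxy.config.ssl.client.TLSv1 INT 1
CONFIG proxy.config.ssl.TLSv1_2 INT 1
"""

if __name__ == "__main__":
    m = tls_matrix(SAMPLE)
    for hop, versions in m.items():
        print(hop, versions)
    print("weaker toward origin:", weaker_on_origin_hop(m))
```

A `None` entry means the file does not set that version, so the default of the installed release applies and should be checked separately.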