trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Susan Hinrichs <shinr...@verizonmedia.com>
Subject Re: [E] Force trafficserver to TLSv1.3
Date Thu, 10 Dec 2020 16:47:57 GMT
Sounds like the origin is requesting a client certificate which ATS is not
providing.

Do you have your ATS configured to specify a client certificate if the
origin requests one?  This can be configured by the records.config setting
proxy.config.ssl.client.cert.filename (and related) These settings can also
be overridden on a per remap basis by using conf_remap.so.
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?#proxy-config-ssl-client-cert-filename


On Thu, Dec 10, 2020 at 7:17 AM <micunek@gmail.com> wrote:

> Hi,
> I found a explanation how Wireshark presents TLSv1.3 and it seems my
> configuration is OK and TLSv1.3 is used.
>
> However I have another problem with origin server.
> It send me bag "403 Forbidden" because of :
>
> SSL Library Error: error:14268117:SSL
> routines:SSL_verify_client_post_handshake:extension not received
>
>
> As I understand ATS do not send  in Client Hello
> "verify_client_post_handshake " extension.
>
> Is it possible to configure somehow?
>
>
> Thanks Peter
>

Mime
View raw message