trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From micu...@gmail.com
Subject Force trafficserver to TLSv1.3
Date Thu, 10 Dec 2020 10:44:29 GMT
Hi All,

I am using trafficserver 8.1.1 and OpenSSL 1.1.1f.
My client starts http connection to ATS and then ATS map connection to
origin server over https.

remap.config
---------------------
map http://168.168.1.1:8080 https://some-domain.com:8443

For https I would like to use only TLSv1.3 but I am not able to force
trafficserver to TLSv1.3,
I can always see in catched pcap that ATS starts with TLSv1.2 Client Hello,
...

record.config
-----------------------
CONFIG proxy.config.ssl.TLSv1 INT 0
CONFIG proxy.config.ssl.TLSv1_1 INT 0
CONFIG proxy.config.ssl.TLSv1_2 INT 0
CONFIG proxy.config.ssl.TLSv1_3 INT 1
CONFIG proxy.config.ssl.client.TLSv1 INT 0
CONFIG proxy.config.ssl.client.TLSv1_1 INT 0
CONFIG proxy.config.ssl.client.TLSv1_1 INT 0
CONFIG proxy.config.ssl.client.TLSv1_3 INT 1
CONFIG proxy.config.ssl.client.certification_level INT 1
CONFIG proxy.config.ssl.client.verify.server INT 1
CONFIG proxy.config.ssl.server.TLSv1_3.cipher_suites STRING
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
CONFIG proxy.config.ssl.client.TLSv1_3.cipher_suites STRING
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

Could you please help me solve this issue?

Thanks Peter

Mime
View raw message