[jira] [Commented] (TS-1500) ssl_multicert.config specify sslcert per port
[ https://issues.apache.org/jira/browse/TS-1500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13481179#comment-13481179 ]

James Peach commented on TS-1500:

I took a look at this and I have most of a patch to implement it. I was planning on using a trie lookup to implement longest match for the address:port tuple but I'm concerned about performance. It might be better to just do 2 hash lookups (for the address:port and fall back to the address).

ssl_multicert.config specify sslcert per port

Key: TS-1500
URL: https://issues.apache.org/jira/browse/TS-1500
Project: Traffic Server
Issue Type: Improvement
Components: SSL
Affects Versions: 3.2.0
Reporter: Kris Lindgren
Fix For: 3.3.2

Trying to configure ssl termination on traffic server on a per-port basis (would really like to have per ip/port). An example of what I am wanting to do is:

Inet - LB ( 1.1.1.1:443 ) - ATS ( 10.1.0.3:443 ) - web (10.0.0.2:80 )
Inet - LB ( 1.1.1.2:443 ) - ATS ( 10.1.0.3:444 ) - web (10.0.0.3:80 )
Inet - LB ( 1.1.1.3:443 ) - ATS ( 10.1.0.3:445 ) - web (10.0.0.4:80 )

Where in ATS I would then have a config like:

dest_ip=10.1.0.3:443 ssl_cert_name=one.crt ssl_key_name=one.key
dest_ip=10.1.0.3:444 ssl_cert_name=two.crt ssl_key_name=two.key
dest_ip=10.1.0.3:445 ssl_cert_name=three.crt ssl_key_name=three.key

This way a unique IP is terminated on the LB and the LB just balances a different port on ATS, which handles the ssl termination.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (TS-1500) ssl_multicert.config specify sslcert per port
[ https://issues.apache.org/jira/browse/TS-1500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13462195#comment-13462195 ]

James Peach commented on TS-1500:

This should be a reasonably straight-forward change. We'll need to look out for IPv6 address formatting issues.
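The lookup James Peach describes (address:port first, then the address alone), together with the IPv6 formatting concern, as an added example that is not part of the thread or of Traffic Server's code. The names `parse_dest_ip` and `CertTable` and the `[addr]:port` bracket syntax for IPv6 are assumptions; the sample config is constructed from the reporter's example.

```python
import ipaddress

def parse_dest_ip(value):
    """Split a dest_ip value into (address, port); port is None when absent.
    Assumed syntax: 10.1.0.3, 10.1.0.3:444, 2001:db8::1, [2001:db8::1]:444."""
    host, port = value, None
    if value.startswith("["):
        host, close, rest = value[1:].partition("]")
        if not close or (rest and not rest.startswith(":")):
            raise ValueError(f"malformed bracketed address: {value!r}")
        port = rest[1:] if rest else None
    elif value.count(":") == 1:  # exactly one colon can only be IPv4:port
        host, port = value.split(":")
    addr = ipaddress.ip_address(host)  # ValueError on junk; canonical form
    if port is not None:
        if not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
            raise ValueError(f"bad port in {value!r}")
        port = int(port)
    return addr, port

class CertTable:
    """Two hash tables: exact (address, port) first, then address alone."""
    def __init__(self, config_text):
        self.by_endpoint, self.by_address = {}, {}
        for line in config_text.splitlines():
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            fields = dict(tok.split("=", 1) for tok in line.split())
            addr, port = parse_dest_ip(fields["dest_ip"])
            table, key = ((self.by_address, addr) if port is None
                          else (self.by_endpoint, (addr, port)))
            if key in table:  # two spellings of one address collide here
                raise ValueError(f"duplicate entry for {fields['dest_ip']}")
            table[key] = (fields["ssl_cert_name"], fields["ssl_key_name"])

    def lookup(self, local_addr, local_port):
        addr = ipaddress.ip_address(local_addr)
        return self.by_endpoint.get((addr, local_port)) or self.by_address.get(addr)

# Constructed sample in the syntax the reporter proposes, plus an IPv6 line.
SAMPLE = """\
dest_ip=10.1.0.3 ssl_cert_name=one.crt ssl_key_name=one.key
dest_ip=10.1.0.3:444 ssl_cert_name=two.crt ssl_key_name=two.key
dest_ip=[2001:db8::3]:445 ssl_cert_name=three.crt ssl_key_name=three.key
"""

if __name__ == "__main__":
    table = CertTable(SAMPLE)
    for ip, port in [("10.1.0.3", 444), ("10.1.0.3", 443), ("2001:db8:0:0::3", 445)]:
        print(ip, port, table.lookup(ip, port))
```

Keying both tables on the parsed address object rather than the raw string means that differently written forms of one IPv6 address resolve to the same certificate, and a config that lists the same endpoint twice in different spellings is rejected at load time.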
[jira] [Commented] (TS-1500) ssl_multicert.config specify sslcert per port
[ https://issues.apache.org/jira/browse/TS-1500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13462201#comment-13462201 ]

Leif Hedstrom commented on TS-1500:

Wondering, are there IPv6 capable client installations that do not support SNI? Can you run IPv6 on WinXP and IE? My gut instinct would be that if they have gotten to IPv6, why the f*ck are they still running XP? :)