we are trying to do map https://foo.com https://origin.foo.com
where foo.com has TLSv1 disabled and origin.foo.com has TLS1 enabled. To achieve this I am trying to set CONFIG proxy.config.ssl.TLSv1 INT 0 and CONFIG proxy.config.ssl.client.TLSv1 INT 1 Ideally this should make browser to ATS connection with TLS1.1 or TLS1.2 and ATS to origin on TLS1/TLS1.1/TLS1.2. It's not working as expected. Thanks Adi On Wed, Jul 6, 2016 at 2:25 PM, James Peach <[email protected]> wrote: > > > On Jul 6, 2016, at 12:35 PM, Adi Mallikarjuna Reddy V < > [email protected]> wrote: > > > > We have trafficserver setup as reverse proxy with SSL continuing up to > origin servers. We are trying to disable TLS1 only from browser to ATS and > continue to have TLS1 connection to origin servers. > > > > Here is our configuration : > > > > CONFIG proxy.config.ssl.SSLv2 INT 0 > > > > CONFIG proxy.config.ssl.SSLv3 INT 0 > > > > CONFIG proxy.config.ssl.TLSv1 INT 0 > > > > CONFIG proxy.config.ssl.TLSv1_1 INT 1 > > > > CONFIG proxy.config.ssl.TLSv1_2 INT 1 > > These settings just control which TLS protocol versions will be accepted. > > For a reverse proxy to a TLS origin, you can do this: > > map http://foo.com https://origin.foo.com > > J
