> On Jul 6, 2016, at 2:28 PM, Adi Mallikarjuna Reddy V
> <[email protected]> wrote:
>
> we are trying to do
>
> map https://foo.com https://origin.foo.com
>
> where foo.com has TLSv1 disabled and origin.foo.com has TLS1 enabled.
>
> To achieve this I am trying to set
> CONFIG proxy.config.ssl.TLSv1 INT 0
> and
> CONFIG proxy.config.ssl.client.TLSv1 INT 1
>
> Ideally this should make browser to ATS connection with TLS1.1 or TLS1.2 and
> ATS to origin on TLS1/TLS1.1/TLS1.2.
>
>
> It's not working as expected.
What is the behaviour you are seeing?
I turned off proxy.config.ssl.TLSv1, and the following fails as expected
$ openssl s_client -debug -connect example.net:443 -no_tls1_1 -no_tls1_2
However OpenSSL sends a 1.0 handshake if I do this:
$ openssl s_client -debug -connect example.net:443 -no_tls1_1
I have to explicitly enable 1.2:
$ openssl s_client -debug -connect example.net:443 -no_tls1_1 -tls1_2
J
