Will Lua code run from these Lua 'config' files? Or is the main purpose of
the 'config' file to define a set of dictionaries?
Since this config is read during the client handshake, it would seem the best
time to dynamically set upstream servers (based on whatever conditions) for
tunneled connections.

On Tue, Mar 27, 2018 at 2:15 PM, Persia Aziz <[email protected]> wrote:

> ATS 8 includes ssl_server_name.config to do such SNI-based tasks.
>
> ssl_server_name.config — Apache Traffic Server 8.0.0 documentation
> <https://docs.trafficserver.apache.org/en/latest/admin-guide/files/ssl_server_name.config.en.html>
>
> Example:
>
> server_config = {
>    { fqdn="example.com", verify_client=MODERATE },
>    { fqdn="*.yahoo.com", verify_client=STRICT }}
>
>
> Syeda Persia Aziz
> Software Developer
> Yahoo! Inc.
> Champaign, Illinois
>
>
> On Tuesday, March 27, 2018, 2:08:18 PM CDT, Jeremy Payne <
> [email protected]> wrote:
>
>
> Context:
> ATS server terminating multiple secure sites
>
> Question:
> Is there an out-of-the-box configuration that allows me to
> require client certificates if the client hello/handshake matches a
> specific SNI value?
>
>
> Something like:
>
> +++
> if
>
> SNI matches foor.bar
>
> then
>
> proxy.config.ssl.client.certification_level INT 3
> +++
>
>
> I can't simply set 'proxy.config.ssl.client.certification_level' to 3
> on a global basis as this would impact other secure sites that don't
> require a client certificate.
>
> Thanks!
>
