We currently have the ability to turn off HTTP/2 support on a per-domain basis via the disable_h2 option in ssl_server_name.yaml:
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/ssl_server_name.yaml.en.html

Folks have asked for a similar mechanism to not offer TLS protocols (e.g. 1.3) for specific domain names. I can see use cases for adding or removing from the default in records.config for very new protocols (e.g. the phone app for a domain doesn't handle TLSv1.3) or very old protocols (e.g. some critical set-top boxes can only use TLSv1.0).

We could have a separate toggle for each protocol, directly mapping what is in records.config.

    - fqdn: bob.com
      enable_tls_v1_3: true/false

Or we could try to have a list entry:

    - fqdn: bob.com
      enable_tls_protocols:
        - tls_v1_3
        - tls_v1_2
      disable_tls_protocols:
        - tls_v1.0

Please share your opinions.
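An added illustration, not part of the original message and not Traffic Server code: one way the list-style proposal could resolve against the global defaults, including a check for the version gap that the set-top-box case produces and that a min/max version range cannot express. The resolution semantics, the function names, and the sample domains and defaults are assumptions.

```python
# Added illustration: resolves the proposed list-style per-domain overrides
# against global defaults. Key names follow the proposal; semantics are assumed.
PROTOCOLS = ["tls_v1_0", "tls_v1_1", "tls_v1_2", "tls_v1_3"]  # oldest to newest

def normalize(name):
    """Accept both spellings used in the proposal (tls_v1.0 and tls_v1_0)."""
    key = name.strip().lower().replace(".", "_")
    if key not in PROTOCOLS:
        raise ValueError(f"unknown TLS protocol name: {name!r}")
    return key

def effective_protocols(defaults, entry):
    """Apply one fqdn entry's enable/disable lists to the global default set."""
    enable = {normalize(p) for p in entry.get("enable_tls_protocols", [])}
    disable = {normalize(p) for p in entry.get("disable_tls_protocols", [])}
    conflict = enable & disable
    if conflict:
        raise ValueError(f"{entry['fqdn']}: both enabled and disabled: {sorted(conflict)}")
    result = ({normalize(p) for p in defaults} | enable) - disable
    if not result:
        raise ValueError(f"{entry['fqdn']}: no TLS protocol left enabled")
    return [p for p in PROTOCOLS if p in result]

def has_version_gap(protocols):
    """True if the enabled set skips a version, e.g. 1.0 and 1.2 without 1.1."""
    idx = [PROTOCOLS.index(p) for p in protocols]
    return idx != list(range(idx[0], idx[-1] + 1))

# Constructed sample data: assumed global defaults plus two per-domain entries.
DEFAULTS = ["tls_v1_2", "tls_v1_3"]
ENTRIES = [
    {"fqdn": "bob.com", "disable_tls_protocols": ["tls_v1_3"]},
    {"fqdn": "settop.example", "enable_tls_protocols": ["tls_v1.0"]},
]

if __name__ == "__main__":
    for e in ENTRIES:
        protos = effective_protocols(DEFAULTS, e)
        note = " (gap in version range)" if has_version_gap(protos) else ""
        print(f"{e['fqdn']}: {', '.join(protos)}{note}")
```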
