[PROPOSAL] Turn off TLS v1.0 and v1.1 by default for ATS v9.00

Leif Hedstrom Tue, 04 Jun 2019 15:14:20 -0700

Hi all,

in the spirit of


        https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-04


I’d like to propose that we change the defaults for our settings, to turn these 
two protocols off by default:

        proxy.config.ssl.TLSv1=0
        proxy.config.ssl.TLSv1_1=0
        proxy.config.ssl.client.TLSv1=0
        proxy.config.ssl.client.TLSv1_1=0


The code / features will still be there, and can either be turned on globally, 
or (better IMO) turned on per SNI in ssl_server_name.yaml / sni.yaml.

Any concerns / objections?

— Leif

[PROPOSAL] Turn off TLS v1.0 and v1.1 by default for ATS v9.00

Reply via email to