bneradt opened a new pull request #6972:
URL: https://github.com/apache/trafficserver/pull/6972
This also adds some TLS information in the protocol stack, such as the
verify_mode applied to the SSL session and whether the server requested
a client certificate.
With this change, there are now two kinds of protocol stacks that are
dumped. There is a session-level one that describes the client-side
protocol stack. It can look something like this:
"sessions": [
{
"connection-time": 1593796698149511642,
"protocol": {
"h2": {},
"ipv4": {},
"tcp": {},
"tls": {
"proxy-provided-cert": true,
"proxy-verify-mode": 0,
"sni": "www.tls.com",
"version": "TLSv1.2"
}
},
"transactions": [
...
In addition, there is now a server-side protocol stack that will be printed
in
every proxy-request node. It can look something like this:
"protocol": {
"http/1.1": {},
"ipv4": {},
"tcp": {},
"tls": {
"proxy-provided-cert": false,
"proxy-verify-mode": 1,
"sni": "www.tls.com",
"version": "TLSv1.2"
}
},
Note that the dump provides TLS information from the perspective of the
proxy,
therefore the TLS nodes are prefixed by "proxy-". The schema is also updated
to
anticipate verifier directives that dictate client and server TLS behavior
("verify-mode" and "request-certificate").
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
