bneradt commented on code in PR #8972:
URL: https://github.com/apache/trafficserver/pull/8972#discussion_r939471490
##########
doc/admin-guide/files/records.config.en.rst:
##########
@@ -3956,6 +3956,12 @@ Client-Related Configuration
Enables (``1``) or disables (``0``) TLSv1_3 in the ATS client context. If
not specified, enabled by default
+.. ts:cv:: CONFIG proxy.config.ssl.client.alpn_protocols STRING ""
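Review bot: The `proxy.config.ssl.client.alpn_protocols` entry added at the end of this hunk defaults to `""`, and that default needs a documented meaning. The description under the directive should say what an empty value does in the client handshake, what format the string takes when more than one protocol is listed, and which protocol identifiers are accepted, so an operator can tell a valid value from one that will be rejected.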
Review Comment:
These are all really good points. I think I've addressed each of your
thoughts:
1. I've updated the ALPN parsing logic to enforce that the user only passes
expected protocols, currently `http/1.1` and `http/1.0`. With HTTP/2 to origin
we'll add `h2`. If any other protocol strings are passed, a WARNING is emitted
and no ALPN extension is sent (the default behavior). This makes the
configuration "fool-proof" for the user in that they can't break anything by
configuring it, and a WARNING is emitted if something is wrong with their
configured ALPN.
2. I expanded our documentation of this feature, pointing to the ALPN RFC
and the official IANA list of registered ALPN protocol strings. I also
explicitly documented the ALPN protocols ATS supports. (Again, we'll add `h2`
with the HTTP/2 to origin PR.)
Thank you for your thoughtful feedback on this, @maskit. It really improved
this feature.
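The allowlist behaviour described in point 1, as an added example that is not part of the comment and is not ATS code: a configured list is accepted only if every entry is a supported protocol, and any other entry produces a WARNING and no ALPN data at all. The comma-separated syntax and the name `parse_alpn_config` are assumptions; the output is the length-prefixed ALPN wire format.

```cpp
#include <array>
#include <cstdio>
#include <optional>
#include <string>
#include <string_view>
#include <vector>

// Protocols the comment lists as accepted today (h2 is planned for later).
constexpr std::array<std::string_view, 2> kAllowedAlpn = {"http/1.1", "http/1.0"};

// Hypothetical helper: turn a comma-separated list (assumed config syntax)
// into ALPN wire format, each name prefixed by a one-byte length.
// Returns std::nullopt if any entry is not allowlisted, so the caller
// falls back to sending no ALPN extension.
std::optional<std::vector<unsigned char>>
parse_alpn_config(std::string_view value)
{
  std::vector<unsigned char> wire;
  if (value.empty()) {
    return wire; // empty default: nothing configured, nothing to send
  }
  size_t pos = 0;
  while (pos <= value.size()) {
    size_t comma = value.find(',', pos);
    if (comma == std::string_view::npos) {
      comma = value.size();
    }
    // Matching is exact: empty entries and stray whitespace are rejected.
    std::string_view proto = value.substr(pos, comma - pos);
    bool allowed = false;
    for (std::string_view a : kAllowedAlpn) {
      allowed = allowed || (a == proto);
    }
    if (!allowed) {
      std::fprintf(stderr, "WARNING: unsupported ALPN protocol \"%.*s\"; ALPN disabled\n",
                   static_cast<int>(proto.size()), proto.data());
      return std::nullopt;
    }
    wire.push_back(static_cast<unsigned char>(proto.size()));
    wire.insert(wire.end(), proto.begin(), proto.end());
    pos = comma + 1;
  }
  return wire;
}

int main()
{
  auto wire = parse_alpn_config("http/1.1,http/1.0"); // constructed sample value
  std::printf("wire bytes: %zu\n", wire ? wire->size() : 0);
  return parse_alpn_config("http/1.1,h2") ? 1 : 0; // h2 is rejected for now
}
```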