[
https://issues.apache.org/jira/browse/TS-2924?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14056367#comment-14056367
]
Sudheer Vinukonda edited comment on TS-2924 at 7/9/14 3:50 PM:
---------------------------------------------------------------
Disabling certain protocols or limiting the cipher suite affects ALL of the
origins, so, it doesn't sound like a good solution. If the origin can only
negotiate an agreeable protocol, AFTER disabling some protocols, that doesn't
sound like negotiation, to begin with. If such origins are not wide spread,
perhaps, it's not even worth trying to fix the origin's bugs.
was (Author: sudheerv):
Disabling certain protocols or limiting the cipher suite affects ALL of the
origins, so, it doesn't sound like a good solution. If the origin can only
negotiate to an agreeable protocol, AFTER disabling some protocols, that
doesn't sound like negotiation, to begin with. If such origins are not wide
spread, perhaps, it's not even worth trying to fix the origin's bugs.
> Configurable client's ssl protocols and cipher suite
> ----------------------------------------------------
>
> Key: TS-2924
> URL: https://issues.apache.org/jira/browse/TS-2924
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL
> Reporter: Wei Sun
> Labels: yahoo
> Attachments: TS-2924.diff
>
>
> A few old origins cannot support the latest ssl protocols well, ats is
> expected to be able to configure dedicated cipher suite and protocols for SSL
> client context.
> {code}
> e.g. Enable SSLv3/TLSv1/TLSv1_1/TLSv1_2
> map http://foo1.com https://www.bankadviser.com/scbteod/scbteod_logo.GIF
> map http://foo2.com
> https://applications.bancopopular.com/images/emails/fb-share-button.jpg
> curl -H 'Host: foo1.com' http://localhost:8080/ -v // failed to setup ssl
> connection to origin
> curl -H 'Host: foo2.com' http://localhost:8080/ -v //SSL connection hang
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
