[
https://issues.apache.org/jira/browse/TS-3746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14622785#comment-14622785
]
Susan Hinrichs commented on TS-3746:
------------------------------------
Are you asking why you don't just verify all certificates from all origins?
That is what I would prefer from a security perspective. But from an
organizational perspective, not everyone is ready to bet connectivity that all
the verifying certs are distributed appropriately.
Actually the override can be set from within a transaction, since this is the
connection from ATS to the origin server which would only happen within the
context of a transaction.
> We need to make proxy.config.ssl.client.verify.server overridable
> -----------------------------------------------------------------
>
> Key: TS-3746
> URL: https://issues.apache.org/jira/browse/TS-3746
> Project: Traffic Server
> Issue Type: New Feature
> Components: Configuration
> Reporter: Syeda Persia Aziz
> Labels: Yahoo
> Fix For: sometime
>
>
> We need to make proxy.config.ssl.client.verify.server overridable. Some
> origin servers need validation to avoid MITM attacks while others don't.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
