[ https://issues.apache.org/jira/browse/TS-3746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14625119#comment-14625119 ]
James Peach commented on TS-3746:
---------------------------------
Right, so if this transaction requires a verified TLS session, then you have to
put back the session that was not verified and get a new one. When getting a
new one you need to somehow communicate to the session manager that you need a
verified session.
I assume that if the transaction does not require a verified TLS, it is ok if
it does actually get one? Note that this would prevent certain kinds of
debugging, so the answer is not completely obvious to me.
> We need to make proxy.config.ssl.client.verify.server overridable
> -----------------------------------------------------------------
>
> Key: TS-3746
> URL: https://issues.apache.org/jira/browse/TS-3746
> Project: Traffic Server
> Issue Type: New Feature
> Components: Configuration
> Reporter: Syeda Persia Aziz
> Assignee: Dave Thompson
> Labels: Yahoo
> Fix For: sometime
>
>
> We need to make proxy.config.ssl.client.verify.server overridable. Some
> origin servers need validation to avoid MITM attacks while others don't.
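The session-matching rule discussed in the comment above, as an added example (not Traffic Server code and not from the issue): a pool that tags each idle origin session with whether its certificate was verified and never hands an unverified one to a transaction that requires verification. `OriginSession`, `SessionPool`, `Match` and `pick` are hypothetical names, and the sample origin is constructed.

```cpp
#include <list>
#include <string>

// Hypothetical model of an idle origin connection (not a Traffic Server type).
struct OriginSession {
  int id;
  std::string origin; // host:port the session is connected to
  bool verified;      // origin certificate was validated during the handshake
};

// Open question from the comment: may a transaction that does not require
// verification be handed a verified session?
enum class Match { Exact, AllowStronger };

class SessionPool {
  std::list<OriginSession> idle_;

public:
  void release(const OriginSession &s) { idle_.push_back(s); }

  // Hand out an idle session only if it meets the transaction's requirement.
  // Returns false when none fits; the caller then opens a new connection with
  // the verification setting the transaction needs.
  bool acquire(const std::string &origin, bool need_verified, Match policy, OriginSession &out) {
    for (auto it = idle_.begin(); it != idle_.end(); ++it) {
      if (it->origin != origin) continue;
      bool ok = need_verified ? it->verified
                              : (!it->verified || policy == Match::AllowStronger);
      if (!ok) continue; // unsuitable session stays in the pool for other transactions
      out = *it;
      idle_.erase(it);
      return true;
    }
    return false;
  }
};

// Constructed scenario: idle sessions id 1 (unverified) and id 2 (verified).
// Returns the id handed out, or -1 when a new connection would be needed.
int pick(bool need_verified, Match policy, bool have_unverified, bool have_verified) {
  SessionPool pool;
  if (have_unverified) pool.release({1, "origin.example:443", false});
  if (have_verified) pool.release({2, "origin.example:443", true});
  OriginSession s{};
  return pool.acquire("origin.example:443", need_verified, policy, s) ? s.id : -1;
}
```

With `Match::Exact`, a transaction that does not require verification is never given a verified session, which preserves the debugging case the comment mentions at the cost of fewer reuse hits.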