shinrich opened a new issue, #9573: URL: https://github.com/apache/trafficserver/issues/9573
This is edited from a proposal I made on the dev mailing list March 19, 2023. I would like to propose another port descriptor, allow-plain. The current list is recorded in the documentation link below. https://docs.trafficserver.apache.org/admin-guide/files/records.config.en.html#proxy-config-http-server-ports With this port descriptor, if the TLS client hello does not work for a TLS connection, this descriptor indicates that ATS should attempt to process the connection as a non-TLS HTTP connection. This is useful for our dynamic transparent case. If our policy has traffic on a random port, e.g. 5555, we cannot know whether that traffic should be TLS or or non-TLS. If the SSL port is decorated with allow-plain, we can start with TLS processing and then attempt non-TLS. While our use case is for the transparent mode, allow-plain will function on non-transparent connections as well. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@trafficserver.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
