ATS 8 includes ssl_server_name.config to do such SNI-based tasks.
ssl_server_name.config — Apache Traffic Server 8.0.0 documentation
Example:
server_config = {
  { fqdn="example.com", verify_client=MODERATE },
  { fqdn="*.yahoo.com", verify_client=STRICT }
}
Syeda Persia Aziz
Software Developer
Yahoo! Inc.
Champaign, Illinois
On Tuesday, March 27, 2018, 2:08:18 PM CDT, Jeremy Payne
<[email protected]> wrote:
Context:
ATS server terminating multiple secure sites
Question:
Is there an out-of-the-box configuration that allows me to
require client certificates if the client hello/handshake matches a
specific SNI value?
Something like:
+++
if
SNI matches foor.bar
then
proxy.config.ssl.client.certification_level INT 3
+++
I can't simply set 'proxy.config.ssl.client.certification_level' to 3
on a global basis as this would impact other secure sites that don't
require a client certificate.
Thanks!