Sounds like the origin is requesting a client certificate which ATS is not providing.
Do you have your ATS configured to specify a client certificate if the origin requests one? This can be configured by the records.config setting proxy.config.ssl.client.cert.filename (and related). These settings can also be overridden on a per-remap basis by using conf_remap.so.

https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?#proxy-config-ssl-client-cert-filename

On Thu, Dec 10, 2020 at 7:17 AM <[email protected]> wrote:

> Hi,
> I found an explanation how Wireshark presents TLSv1.3 and it seems my
> configuration is OK and TLSv1.3 is used.
>
> However I have another problem with origin server.
> It sends me back "403 Forbidden" because of:
>
> SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received
>
> As I understand ATS does not send in Client Hello
> "verify_client_post_handshake" extension.
>
> Is it possible to configure somehow?
>
> Thanks Peter
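
The settings named in the reply above, written out as an added configuration example that is not part of the original thread. The certificate and key file names, the directory and the example.com hosts are constructed placeholders; the private_key and path settings are the "related" records.config entries for the same client certificate.

```text
# records.config: client certificate ATS presents to any origin that requests one.
# File names and the directory below are constructed placeholders.
CONFIG proxy.config.ssl.client.cert.filename STRING ats-client.pem
CONFIG proxy.config.ssl.client.cert.path STRING /etc/trafficserver/ssl
CONFIG proxy.config.ssl.client.private_key.filename STRING ats-client.key
CONFIG proxy.config.ssl.client.private_key.path STRING /etc/trafficserver/ssl

# remap.config: override for a single origin through conf_remap.so, so the
# certificate is offered only to the origin that needs it (hosts are placeholders).
map https://www.example.com/ https://origin.example.com/ @plugin=conf_remap.so @pparam=proxy.config.ssl.client.cert.filename=origin-client.pem @pparam=proxy.config.ssl.client.private_key.filename=origin-client.key
```

Check the records.config documentation for the installed ATS version to confirm which of these settings are marked overridable before relying on the per-remap form. Keep the private key file readable only by the account ATS runs as.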
