trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Susan Hinrichs <>
Subject Looking for opinions on additions to ssl_server_name.yaml
Date Mon, 19 Nov 2018 22:10:49 GMT
We currently have the ability to turn off HTTP/2 support on a per domain
basis via the disable_h2 option in ssl_server_name.yaml

Folks have asked for a similar mechanism to not offer TLS protocols (e.g.
1.3) for specific domain names.  I can see use cases for adding or removing
from the default in records.config for very new protocols (e.g. the phone
app for a domain doesn't handle TLSv1.3) or very old protocols (e.g. some
critical set top boxes can only use TLSv1.0).

We could have a separate toggle for each protocol.  Directly mapping what
is in records.config.

- fqdn:
  enable_tls_v1_3: true/false

Or we could try to have a list entry

    - tls_v1_3
    - tls_v1_2

Please share your opinions.

View raw message