You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by GitBox <gi...@apache.org> on 2020/09/08 23:10:45 UTC

[GitHub] [trafficserver] mtorluemke opened a new issue #7174: Cipher suite configuration per SNI?

mtorluemke opened a new issue #7174:
URL: https://github.com/apache/trafficserver/issues/7174


   Does it make sense to be able to have cipher suites per SNI? (Today, you can specify TLS versions, but not cipher suites.)


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] shinrich edited a comment on issue #7174: Cipher suite configuration per SNI?

Posted by GitBox <gi...@apache.org>.

shinrich edited a comment on issue #7174:
URL: https://github.com/apache/trafficserver/issues/7174#issuecomment-715611228


   Yes, that does make sense.  Just never got around to it.  A pressing need has not come up yet for us, bit it should not be too hard to add.  Looks like there are SSL_ version of the SSL_CTX set cipher calls.  https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_cipher_list.html
   
   Should plough through the code to ensure that setting this value too early does not get overwritten when a SSL_CTX gets selected in the certificate selection callback.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] shinrich commented on issue #7174: Cipher suite configuration per SNI?

Posted by GitBox <gi...@apache.org>.

shinrich commented on issue #7174:
URL: https://github.com/apache/trafficserver/issues/7174#issuecomment-715611228


   Yes, that does make sense.  Just never got around to it.  A pressing need has not come up yet for us, bit it should not be too hard to add.  Need to ensure that the appropriate openssl API exists for that.  I'll go do some research on that.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] github-actions[bot] commented on issue #7174: Cipher suite configuration per SNI?

Posted by GitBox <gi...@apache.org>.

github-actions[bot] commented on issue #7174:
URL: https://github.com/apache/trafficserver/issues/7174#issuecomment-950245432


   This issue has been automatically marked as stale because it has not had recent activity. Marking it stale to flag it for further consideration by the community.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@trafficserver.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org