TSVCONNPROTOCOLENABLE/DISABLE(3ts) | Apache Traffic Server | TSVCONNPROTOCOLENABLE/DISABLE(3ts) |
TSVConnProtocolEnable/Disable - TSVConnProtocol API function
#include <ts/ts.h>
TSVConnProtocolEnable() will enable the protocol specified by protocol to be advertised in the TLS protocol negotiation.
Similarly, TSVConnProtocolDisable() will remove the protocol specified by protocol from the TLS protocol negotiation.
To be effective, these calls must be made from the early TLS negotiation hooks like TS_SSL_CLIENT_HELLO_HOOK or TS_SSL_SERVERNAME_HOOK.
The example below is excerpted from example/plugins/c-api/disable_http2/disable_http2.cc in the Traffic Server source distribution. It shows how the TSVConnProtocolDisable() function can be used in a plugin called from the TS_SSL_SERVERNAME_HOOK.
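// Domains and PLUGIN_NAME are defined elsewhere in the plugin source.
int CB_SNI(TSCont contp, TSEvent, void *cb_data) {
  // For this hook, the event data is the TLS virtual connection.
  auto vc = static_cast<TSVConn>(cb_data);
  TSSslConnection ssl_conn = TSVConnSslConnectionGet(vc);
  auto *ssl = reinterpret_cast<SSL *>(ssl_conn);
  // Server name sent by the client; null when no SNI extension was sent.
  char const *sni = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
  if (sni) {
    if (Domains.find(sni) != Domains.end()) {
      TSDebug(PLUGIN_NAME, "Disable H2 for SNI=%s", sni);
      // Stop advertising HTTP/2 on this connection.
      TSVConnProtocolDisable(vc, TS_ALPN_PROTOCOL_HTTP_2_0);
    }
  }
  // Resume the TLS handshake that was paused for this hook.
  TSVConnReenable(vc);
  return TS_SUCCESS;
}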
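An added example, not part of this page or the Traffic Server source: assuming Domains is a standard string set with exact-match lookup, a per-domain protocol policy should normalize the SNI first, because DNS host names compare case-insensitively while the lookup does not. The names normalize_sni, should_disable_h2 and advertised_alpn and the sample domains are hypothetical; the "h2"/"http/1.1" list only models the advertised ALPN set and does not call the Traffic Server API.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <unordered_set>
#include <vector>

// Hypothetical helper: canonical form of an SNI host name for policy lookups.
// DNS names compare case-insensitively, so lower-case and drop a trailing dot.
std::string normalize_sni(const char *sni) {
  if (sni == nullptr) return {};
  std::string name(sni);
  std::transform(name.begin(), name.end(), name.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  if (!name.empty() && name.back() == '.') name.pop_back();
  return name;
}

// Hypothetical policy check: true when HTTP/2 should be disabled for this SNI.
// A missing SNI matches no entry, as in the excerpt above.
bool should_disable_h2(const char *sni, const std::unordered_set<std::string> &domains) {
  const std::string name = normalize_sni(sni);
  return !name.empty() && domains.count(name) != 0;
}

// Model of the outcome: the ALPN identifiers still advertised afterwards.
std::vector<std::string> advertised_alpn(const char *sni,
                                         const std::unordered_set<std::string> &domains) {
  std::vector<std::string> protos = {"h2", "http/1.1"};
  if (should_disable_h2(sni, domains)) {
    protos.erase(std::remove(protos.begin(), protos.end(), std::string("h2")), protos.end());
  }
  return protos;
}

int main() {
  // Constructed sample data, not taken from any real configuration.
  const std::unordered_set<std::string> domains = {"legacy.example.com"};
  const char *samples[] = {"legacy.example.com", "LEGACY.Example.COM.", "www.example.com", nullptr};
  for (const char *sni : samples) {
    std::cout << (sni ? sni : "(no SNI)") << " ->";
    for (const auto &p : advertised_alpn(sni, domains)) std::cout << ' ' << p;
    std::cout << '\n';
  }
  return 0;
}
```

In a plugin, the normalized name would be used for the set lookup before calling TSVConnProtocolDisable(), and the set entries themselves would be stored in the same lower-case form.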
2023, dev@trafficserver.apache.org
November 2, 2023 | 9.2 |