TSVConnProtocolEnable/Disable

Synopsis

#include <ts/ts.h>
TSReturnCode TSVConnProtocolEnable(TSVConn vconn, const char* protocol)
TSReturnCode TSVConnProtocolDisable(TSVConn vconn, const char* protocol)

Description

TSVConnProtocolEnable() will enable the protocol specified by protocol to be advertised in the TLS protocol negotiation.

Similarly, TSVConnProtocolDisable() will remove the protocol specified by protocol from the TLS protocol negotiation.

To be effective, these calls must be made from the early TLS negotiation hooks like TS_SSL_CLIENT_HELLO_HOOK or TS_SSL_SERVERNAME_HOOK.

Examples

The example below is excerpted from example/plugins/c-api/disable_http2/disable_http2.cc in the Traffic Server source distribution. It shows how the TSVConnProtocolDisable() function can be used in a plugin called from the TS_SSL_SERVERNAME_HOOK.

int
CB_SNI(TSCont contp, TSEvent, void *cb_data)
{
  auto vc                  = static_cast<TSVConn>(cb_data);
  TSSslConnection ssl_conn = TSVConnSslConnectionGet(vc);
  auto *ssl                = reinterpret_cast<SSL *>(ssl_conn);
  char const *sni          = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
  if (sni) {
    if (Domains.find(sni) != Domains.end()) {
      TSDebug(PLUGIN_NAME, "Disable H2 for SNI=%s", sni);
      TSVConnProtocolDisable(vc, TS_ALPN_PROTOCOL_HTTP_2_0);
    }
  }