TSVConnProtocolEnable/Disable
Synopsis
#include <ts/ts.h>

TSReturnCode TSVConnProtocolEnable(TSVConn vconn, const char *protocol)
TSReturnCode TSVConnProtocolDisable(TSVConn vconn, const char *protocol)
Description
TSVConnProtocolEnable() will enable the protocol specified by protocol to be advertised in the TLS protocol negotiation. Similarly, TSVConnProtocolDisable() will remove the protocol specified by protocol from the TLS protocol negotiation. To be effective, these calls must be made from the early TLS negotiation hooks like TS_SSL_CLIENT_HELLO_HOOK or TS_SSL_SERVERNAME_HOOK.
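The effect of adding or removing a protocol from the advertised set can be seen in the following added example, which is not Traffic Server code and not part of the source distribution. It assumes the negotiation is ALPN (RFC 7301); `AlpnModel`, `negotiate`, `parse_alpn_list`, `sample_offer` and the server preference order are hypothetical names and values chosen for the illustration.

```cpp
// Added illustration, not Traffic Server code: models the per-connection set of
// advertised ALPN protocols. AlpnModel and its members are hypothetical names.
#include <cstdint>
#include <cstdio>
#include <set>
#include <string>
#include <vector>

// Parse an ALPN protocol list in wire format (RFC 7301): <1-byte length><name>...
// Returns false for a malformed list: empty, zero-length name, or length past the end.
bool parse_alpn_list(const std::vector<uint8_t> &wire, std::vector<std::string> &out) {
  out.clear();
  size_t i = 0;
  while (i < wire.size()) {
    size_t len = wire[i++];
    if (len == 0 || len > wire.size() - i) return false;
    out.emplace_back(wire.begin() + i, wire.begin() + i + len);
    i += len;
  }
  return !out.empty();
}

struct AlpnModel {
  std::vector<std::string> preference{"h2", "http/1.1"}; // server order (constructed)
  std::set<std::string> disabled;                        // per-connection state
  void disable(const std::string &p) { disabled.insert(p); }
  void enable(const std::string &p) { disabled.erase(p); }

  // Pick the most-preferred enabled protocol the client also offered. "" means no
  // overlap; how a server reacts to that is implementation policy and not modeled.
  std::string negotiate(const std::vector<uint8_t> &client_wire) const {
    std::vector<std::string> offered;
    if (!parse_alpn_list(client_wire, offered)) return "";
    std::set<std::string> offer_set(offered.begin(), offered.end());
    for (const auto &p : preference)
      if (!disabled.count(p) && offer_set.count(p)) return p;
    return "";
  }
};

// Constructed sample: a client offering "h2" then "http/1.1".
std::vector<uint8_t> sample_offer() { return {2, 'h', '2', 8, 'h', 't', 't', 'p', '/', '1', '.', '1'}; }

int main() {
  AlpnModel conn;
  std::printf("default:     %s\n", conn.negotiate(sample_offer()).c_str());
  conn.disable("h2"); // the step a per-domain hook would take for a listed SNI
  std::printf("h2 disabled: %s\n", conn.negotiate(sample_offer()).c_str());
}
```

Disabling every protocol the client offers leaves no overlap, so a per-domain disable list should be checked against what clients of that domain can actually speak.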
Examples
The example below is excerpted from example/plugins/c-api/disable_http2/disable_http2.cc in the Traffic Server source distribution. It shows how the TSVConnProtocolDisable() function can be used in a plugin called from the TS_SSL_SERVERNAME_HOOK.
// Map of domains to tweak.
using DomainSet = std::unordered_set<std::string>;
DomainSet Domains;

int
CB_SNI(TSCont /* contp ATS_UNUSED */, TSEvent, void *cb_data)
{
  auto vc                  = static_cast<TSVConn>(cb_data);
  TSSslConnection ssl_conn = TSVConnSslConnectionGet(vc);
  auto *ssl                = reinterpret_cast<SSL *>(ssl_conn);
  char const *sni          = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
  if (sni) {
    if (Domains.find(sni) != Domains.end()) {