DOC: configuration: clarify ciphersuites usage
Ciphersuites can be used with any TLS/SSL protocol version and are not specific to TLSv1.3. However, you can only specify the TLSv1.3 ciphers in ciphersuite format. Should fix issue #2459. Backport to every stable branch.
parent
69f15b9a40
commit
e2a44d6c94
|
@ -2296,13 +2296,13 @@ ssl-default-bind-ciphers <ciphers>
|
|||
ssl-default-bind-ciphersuites <ciphersuites>
|
||||
This setting is only available when support for OpenSSL was built in and
|
||||
OpenSSL 1.1.1 or later was used to build HAProxy. It sets the default string
|
||||
describing the list of cipher algorithms ("cipher suite") that are negotiated
|
||||
during the TLSv1.3 handshake for all "bind" lines which do not explicitly define
|
||||
theirs. The format of the string is defined in
|
||||
"man 1 ciphers" from OpenSSL man pages under the section "ciphersuites". For
|
||||
cipher configuration for TLSv1.2 and earlier, please check the
|
||||
"ssl-default-bind-ciphers" keyword. Please check the "bind" keyword for more
|
||||
information.
|
||||
describing the list of cipher algorithms in "cipher suite" format that are
|
||||
negotiated during the TLS handshake for all "bind" lines which do not
|
||||
explicitly define theirs. The format of the string is defined in "man 1
|
||||
ciphers" from OpenSSL man pages under the section "ciphersuites". For cipher
|
||||
configuration for TLSv1.2 and earlier using the "OpenSSL" ciphers format,
|
||||
please check the "ssl-default-bind-ciphers" keyword. Please check the "bind"
|
||||
keyword for more information.
|
||||
|
||||
ssl-default-bind-client-sigalgs <sigalgs>
|
||||
This setting is only available when support for OpenSSL was built in. It sets
|
||||
|
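Review bot: The added paragraph for ssl-default-bind-ciphersuites no longer mentions TLSv1.3 anywhere, so the restriction given in the commit message (only TLSv1.3 ciphers can be written in ciphersuite format) is missing from the documentation itself. Someone reading only this paragraph could expect a TLSv1.2 suite listed here to take effect. Suggest adding one sentence after the "man 1 ciphers" reference stating that only TLSv1.3 cipher suites can be specified with this keyword.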
@ -2366,14 +2366,14 @@ ssl-default-server-ciphers <ciphers>
|
|||
|
||||
ssl-default-server-ciphersuites <ciphersuites>
|
||||
This setting is only available when support for OpenSSL was built in and
|
||||
OpenSSL 1.1.1 or later was used to build HAProxy. It sets the default
|
||||
string describing the list of cipher algorithms that are negotiated during
|
||||
the TLSv1.3 handshake with the server, for all "server" lines which do not
|
||||
explicitly define theirs. The format of the string is defined in
|
||||
OpenSSL 1.1.1 or later was used to build HAProxy. It sets the default string
|
||||
describing the list of cipher algorithms in "cipher suite" format that are
|
||||
negotiated during the TLS handshake with the server, for all "server" lines
|
||||
which do not explicitly define theirs. The format of the string is defined in
|
||||
"man 1 ciphers" from OpenSSL man pages under the section "ciphersuites". For
|
||||
cipher configuration for TLSv1.2 and earlier, please check the
|
||||
"ssl-default-server-ciphers" keyword. Please check the "server" keyword for
|
||||
more information.
|
||||
cipher configuration for TLSv1.2 and earlier using the "OpenSSL" cipher
|
||||
format, please check the "ssl-default-server-ciphers" keyword. Please check the
|
||||
"server" keyword for more information.
|
||||
|
||||
ssl-default-server-client-sigalgs <sigalgs>
|
||||
This setting is only available when support for OpenSSL was built in. It sets
|
||||
|
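Review bot: The added lines here say 'using the "OpenSSL" cipher format', while the ssl-default-bind-ciphersuites paragraph in the same patch says '"OpenSSL" ciphers format'. Use one spelling in all four paragraphs so the term is consistent and searchable. The "ciphers" form matches the keyword and the man page name.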
@ -15507,10 +15507,11 @@ ciphers <ciphers>
|
|||
ciphersuites <ciphersuites>
|
||||
This setting is only available when support for OpenSSL was built in and
|
||||
OpenSSL 1.1.1 or later was used to build HAProxy. It sets the string describing
|
||||
the list of cipher algorithms ("cipher suite") that are negotiated during the
|
||||
TLSv1.3 handshake. The format of the string is defined in "man 1 ciphers" from
|
||||
OpenSSL man pages under the "ciphersuites" section. For cipher configuration
|
||||
for TLSv1.2 and earlier, please check the "ciphers" keyword.
|
||||
the list of cipher algorithms in "cipher suite" format that are negotiated
|
||||
during the TLS handshake. The format of the string is defined in "man 1
|
||||
ciphers" from OpenSSL man pages under the "ciphersuites" section. For cipher
|
||||
configuration for TLSv1.2 and earlier using the "OpenSSL" ciphers format,
|
||||
please check the "ciphers" keyword.
|
||||
|
||||
client-sigalgs <sigalgs>
|
||||
This setting is only available when support for OpenSSL was built in. It sets
|
||||
|
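Review bot: The added sentence 'For cipher configuration for TLSv1.2 and earlier using the "OpenSSL" ciphers format, please check the "ciphers" keyword' can be read as saying that the "ciphers" keyword is merely one of two ways to configure TLSv1.2 and earlier. Combined with the new wording 'negotiated during the TLS handshake', an operator may set only "ciphersuites" and believe the older protocol versions are covered. Suggest stating outright that ciphers for TLSv1.2 and earlier are configured only through "ciphers", and that both keywords should be set on a bind line that accepts several protocol versions.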
@ -16649,11 +16650,11 @@ ciphersuites <ciphersuites>
|
|||
|
||||
This setting is only available when support for OpenSSL was built in and
|
||||
OpenSSL 1.1.1 or later was used to build HAProxy. This option sets the string
|
||||
describing the list of cipher algorithms that is negotiated during the TLS
|
||||
1.3 handshake with the server. The format of the string is defined in
|
||||
"man 1 ciphers" from OpenSSL man pages under the "ciphersuites" section.
|
||||
For cipher configuration for TLSv1.2 and earlier, please check the "ciphers"
|
||||
keyword.
|
||||
describing the list of cipher algorithms in "cipher suite" format that is
|
||||
negotiated during the TLS handshake with the server. The format of the string
|
||||
is defined in "man 1 ciphers" from OpenSSL man pages under the "ciphersuites"
|
||||
section. For cipher configuration for TLSv1.2 and earlier using the "OpenSSL"
|
||||
cipher format, please check the "ciphers" keyword.
|
||||
|
||||
client-sigalgs <sigalgs>
|
||||
May be used in the following contexts: tcp, http, log, peers, ring
|
||||
|
|
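Review bot: The added text keeps the singular 'that is negotiated' from the old paragraph, whereas the other three paragraphs changed by this patch say 'that are negotiated'. Align this one with the others. This paragraph also uses '"OpenSSL" cipher format' where the bind-side paragraphs say 'ciphers format'.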