RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-15 07:54:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
1d6338ea96
haproxy/doc
History
Remi Tricot-Le Breton 1d6338ea96 MEDIUM: ssl: Disable DHE ciphers by default 
DHE ciphers do not present a security risk if the key is big enough but
they are slow and mostly obsoleted by ECDHE. This patch removes any
default DH parameters. This will effectively disable all DHE ciphers
unless a global ssl-dh-param-file is defined, or
tune.ssl.default-dh-param is set, or a frontend has DH parameters
included in its PEM certificate. In this latter case, only the frontends
that have DH parameters will have DHE ciphers enabled.
Adding explicitely a DHE ciphers in a "bind" line will not be enough to
actually enable DHE. We would still need to know which DH parameters to
use so one of the three conditions described above must be met.

This request was described in GitHub issue #1604.
2022-04-20 17:30:55 +02:00
..
design-thoughts DOC: design: commit the temporary design notes on thread groups 2022-02-24 09:06:37 +01:00
internals DOC: internal: update the pools API to mention boot-time settings 2022-02-24 08:58:04 +01:00
lua-api DOC: lua: CertCache class documentation 2022-03-30 16:02:43 +02:00
51Degrees-device-detection.txt CONTRIB: move 51Degrees to addons/51degrees 2021-04-02 17:48:42 +02:00
acl.fig
architecture.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
close-options.txt MINOR: config: reject long-deprecated "option forceclose" 2021-06-11 16:57:34 +02:00
coding-style.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
configuration.txt MEDIUM: ssl: Disable DHE ciphers by default 2022-04-20 17:30:55 +02:00
cookie-options.txt
DeviceAtlas-device-detection.txt MEDIUM: da: update doc and build for new scheduler mode service. 2022-01-28 07:28:53 +01:00
gpl.txt
haproxy.1
intro.txt [RELEASE] Released version 2.6-dev0 2021-11-23 15:50:11 +01:00
lgpl.txt
linux-syn-cookies.txt
lua.txt [RELEASE] Released version 2.6-dev6 2022-04-16 12:15:47 +02:00
management.txt DOC: management: add missing dot in 9.4.1 2022-03-31 15:28:42 +02:00
netscaler-client-ip-insertion-protocol.txt
network-namespaces.txt
peers-v2.0.txt DOC: peers: fix the protocol tag name in the doc 2021-05-09 06:38:07 +02:00
peers.txt DOC/peers: some grammar fixes for peers 2.1 spec 2021-11-02 17:28:43 +01:00
proxy-protocol.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
queuing.fig
regression-testing.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
seamless_reload.txt
SOCKS4.protocol.txt
SPOE.txt DOC: spoe: Clarify use of the event directive in spoe-message section 2021-12-03 10:18:11 +01:00
WURFL-device-detection.txt CONTRIB: move src/wurfl.c and contrib/wurfl to addons/wurfl 2021-04-02 17:48:42 +02:00