mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-03-11 05:48:41 +00:00
haproxy public development tree
When using TLSv1.3, the signature algorithms extension is used to choose the right ECDSA or RSA certificate. However there was an old test for previous versions of TLS (< 1.3) which was testing if the cipher is compatible with ECDSA when an ECDSA signature algorithm is used. This test was relying on SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa to verify if the cipher is still good. Problem is, with TLSv1.3, all ciphersuites are compatible with any authentication algorithm, but SSL_CIPHER_get_auth_nid(cipher) does not return NID_auth_ecdsa, but NID_auth_any. Because of this, with TLSv1.3 when both ECDSA and RSA certificates are available for a domain, the ECDSA one is not chosen in priority. This patch also introduces a test on the cipher IDs for the signaling ciphersuites, because they would always return NID_auth_any, and are not relevant for this selection. This patch fixes issue #2300. Must be backported in all stable versions.
||
---|---|---|
.github | ||
addons | ||
admin | ||
dev | ||
doc | ||
examples | ||
include | ||
reg-tests | ||
scripts | ||
src | ||
tests | ||
.cirrus.yml | ||
.gitattributes | ||
.gitignore | ||
.mailmap | ||
.travis.yml | ||
BRANCHES | ||
BSDmakefile | ||
CHANGELOG | ||
CONTRIBUTING | ||
INSTALL | ||
LICENSE | ||
MAINTAINERS | ||
Makefile | ||
README | ||
SUBVERS | ||
VERDATE | ||
VERSION |
The HAProxy documentation has been split into a number of different files for ease of use.

Please refer to the following files depending on what you're looking for:

- INSTALL for instructions on how to build and install HAProxy
- BRANCHES to understand the project's life cycle and what version to use
- LICENSE for the project's license
- CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located in the doc/ directory:

- doc/intro.txt for a quick introduction on HAProxy
- doc/configuration.txt for the configuration's reference manual
- doc/lua.txt for the Lua's reference manual
- doc/SPOE.txt for how to use the SPOE engine
- doc/network-namespaces.txt for how to use network namespaces under Linux
- doc/management.txt for the management guide
- doc/regression-testing.txt for how to use the regression testing suite
- doc/peers.txt for the peers protocol reference
- doc/coding-style.txt for how to adopt HAProxy's coding style
- doc/internals for developer-specific documentation (not all up to date)