RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-19 18:28:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
28d976d5ee
haproxy/doc
History
Nenad Merdanovic 5fc7d7e8ce MINOR: Add sample fetch to detect Supported Elliptic Curves Extension 
Clients that support ECC cipher suites SHOULD send the specified extension
within the SSL ClientHello message according to RFC4492, section 5.1. We
can use this extension to chain-proxy requests so that, on the same IP
address, a ECC compatible clients gets an EC certificate and a non-ECC
compatible client gets a regular RSA certificate. The main advantage of this
approach compared to the one presented by Dave Zhu on the mailing list
is that we can make it work with OpenSSL versions before 1.0.2.

Example:
frontend ssl-relay
        mode tcp
        bind 0.0.0.0:443
        use_backend ssl-ecc if { req.ssl_ec_ext 1 }
        default_backend ssl-rsa

backend ssl-ecc
        mode tcp
        server ecc unix@/var/run/haproxy_ssl_ecc.sock send-proxy-v2 check

backend ssl-rsa
        mode tcp
        server rsa unix@/var/run/haproxy_ssl_rsa.sock send-proxy-v2 check

listen  all-ssl
        bind unix@/var/run/haproxy_ssl_ecc.sock accept-proxy ssl crt /usr/local/haproxy/ecc.foo.com.pem user nobody
        bind unix@/var/run/haproxy_ssl_rsa.sock accept-proxy ssl crt /usr/local/haproxy/www.foo.com.pem user nobody

Signed-off-by: Nenad Merdanovic <nmerdan@anine.io>
2015-07-09 09:26:59 +02:00
..
design-thoughts DOC: commit a few old design thoughts files 2014-06-19 21:02:32 +02:00
internals DOC: lua: schematics about lua socket organization 2015-06-03 15:53:04 +02:00
lua-api MINOR: lua: Variable access 2015-06-13 23:01:37 +02:00
acl.fig
architecture.txt MINOR: patch for minor typo (ressources/resources) 2012-03-21 07:54:41 +01:00
close-options.txt [DOC] add a few old and uncommitted docs 2011-09-05 01:04:44 +02:00
coding-style.txt DOC: add a coding-style file 2011-12-30 17:33:27 +01:00
configuration.txt MINOR: Add sample fetch to detect Supported Elliptic Curves Extension 2015-07-09 09:26:59 +02:00
cookie-options.txt [DOC] add a few old and uncommitted docs 2011-09-05 01:04:44 +02:00
gpl.txt
haproxy-en.txt MEDIUM: New cli option -Ds for systemd compatibility 2013-02-13 10:47:49 +01:00
haproxy-fr.txt MEDIUM: New cli option -Ds for systemd compatibility 2013-02-13 10:47:49 +01:00
haproxy.1 DOC: fix a few config typos. 2014-04-14 14:03:08 +02:00
lgpl.txt
network-namespaces.txt MAJOR: namespace: add Linux network namespace support 2014-11-21 07:51:57 +01:00
proxy-protocol.txt DOC: update the doc on the proxy protocol 2015-05-02 15:13:07 +02:00
queuing.fig