mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-02-21 21:26:58 +00:00
9e7547740c
Openssl switched from aes128 to aes256 since may 2016 to compute tls ticket secrets used by default. But Haproxy still handled only 128 bits keys for both tls key file and CLI. This patch permit the user to set aes256 keys throught CLI or the key file (80 bytes encoded in base64) in the same way that aes128 keys were handled (48 bytes encoded in base64): - first 16 bytes for the key name - next 16/32 bytes for aes 128/256 key bits key - last 16/32 bytes for hmac 128/256 bits Both sizes are now supported (but keys from same file must be of the same size and can but updated via CLI only using a key of the same size). Note: This feature need the fix "dec func ignores padding for output size checking." |
||
|---|---|---|
| .. | ||
| design-thoughts | ||
| internals | ||
| lua-api | ||
| 51Degrees-device-detection.txt | ||
| acl.fig | ||
| architecture.txt | ||
| close-options.txt | ||
| coding-style.txt | ||
| configuration.txt | ||
| cookie-options.txt | ||
| DeviceAtlas-device-detection.txt | ||
| gpl.txt | ||
| haproxy.1 | ||
| intro.txt | ||
| lgpl.txt | ||
| linux-syn-cookies.txt | ||
| lua.txt | ||
| management.txt | ||
| netscaler-client-ip-insertion-protocol.txt | ||
| network-namespaces.txt | ||
| peers-v2.0.txt | ||
| peers.txt | ||
| proxy-protocol.txt | ||
| queuing.fig | ||
| regression-testing.txt | ||
| SPOE.txt | ||
| WURFL-device-detection.txt | ||