haproxy/doc
William Lallemand 501d9fdb86 MEDIUM: ssl: allow to change the OpenSSL security level from global section
The new "ssl-security-level" option allows one to change the OpenSSL
security level without having to change the openssl.cnf global file of
your distribution. This directives applies on every SSL_CTX context.

People sometimes change their security level directly in the ciphers
directive, however there are some cases when the security level change
is not applied in the right order (for example when applying a DH
param).

Before this patch, it was to possible to trick by using a specific
openssl.cnf file and start haproxy this way:

    OPENSSL_CONF=./openssl.cnf ./haproxy -f bug-2468.cfg

Values for the security level can be found there:

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html

This was discussed in github issue #2468.
2024-03-12 17:37:11 +01:00
..
design-thoughts DOC: design: write first notes about ring-v2 2024-03-09 11:23:52 +01:00
internals
lua-api MINOR: hlua: Be able to disable logging from lua 2024-03-01 15:01:18 +01:00
51Degrees-device-detection.txt DOC: 51d: updated 51Degrees repo URL for v3.2.10 2023-11-23 16:26:13 +01:00
DeviceAtlas-device-detection.txt CLEANUP: assorted typo fixes in the code and comments 2024-03-05 11:50:34 +01:00
SOCKS4.protocol.txt
SPOE.txt CLEANUP: assorted typo fixes in the code and comments 2023-11-23 16:23:14 +01:00
WURFL-device-detection.txt
acl.fig
architecture.txt
coding-style.txt
configuration.txt MEDIUM: ssl: allow to change the OpenSSL security level from global section 2024-03-12 17:37:11 +01:00
cookie-options.txt
gpl.txt
haproxy.1
intro.txt [RELEASE] Released version 3.0-dev0 2023-12-05 16:19:35 +01:00
lgpl.txt
linux-syn-cookies.txt
lua.txt
management.txt MINOR: quic: add MUX output for show quic 2024-02-29 10:03:36 +01:00
netscaler-client-ip-insertion-protocol.txt
network-namespaces.txt
peers-v2.0.txt MEDIUM: stick-tables: add a new stored type for glitch_cnt and glitch_rate 2024-02-08 15:51:49 +01:00
peers.txt
proxy-protocol.txt
queuing.fig
regression-testing.txt CLEANUP: assorted typo fixes in the code and comments 2023-11-23 16:23:14 +01:00
seamless_reload.txt