501d9fdb86
The new "ssl-security-level" option allows one to change the OpenSSL security level without having to change the openssl.cnf global file of your distribution. This directives applies on every SSL_CTX context. People sometimes change their security level directly in the ciphers directive, however there are some cases when the security level change is not applied in the right order (for example when applying a DH param). Before this patch, it was to possible to trick by using a specific openssl.cnf file and start haproxy this way: OPENSSL_CONF=./openssl.cnf ./haproxy -f bug-2468.cfg Values for the security level can be found there: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html This was discussed in github issue #2468. |
||
---|---|---|
.. | ||
design-thoughts | ||
internals | ||
lua-api | ||
51Degrees-device-detection.txt | ||
DeviceAtlas-device-detection.txt | ||
SOCKS4.protocol.txt | ||
SPOE.txt | ||
WURFL-device-detection.txt | ||
acl.fig | ||
architecture.txt | ||
coding-style.txt | ||
configuration.txt | ||
cookie-options.txt | ||
gpl.txt | ||
haproxy.1 | ||
intro.txt | ||
lgpl.txt | ||
linux-syn-cookies.txt | ||
lua.txt | ||
management.txt | ||
netscaler-client-ip-insertion-protocol.txt | ||
network-namespaces.txt | ||
peers-v2.0.txt | ||
peers.txt | ||
proxy-protocol.txt | ||
queuing.fig | ||
regression-testing.txt | ||
seamless_reload.txt |