From 44f6539e4796ac2069130185700fd48df3af2bdc Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 25 Jun 2013 07:56:20 +0200 Subject: [PATCH] DOC: remove the comment saying that SSL certs are not checked on the server side Server certificate check was added in 1.5-dev13 but the comment on the "ssl" keyword was not removed, leading to confusion about when to use it. --- doc/configuration.txt | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 675bb8e5e..8feee6e46 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -8070,14 +8070,13 @@ source [:[-]] [interface ] ... Supported in default-server: No ssl - This option enables SSL ciphering on outgoing connections to the server. At - the moment, server certificates are not checked, so this is prone to man in - the middle attacks. The real intended use is to permit SSL communication - with software which cannot work in other modes over networks that would - otherwise be considered safe enough for clear text communications. When this - option is used, health checks are automatically sent in SSL too unless there - is a "port" or an "addr" directive indicating the check should be sent to a - different location. See the "check-ssl" optino to force SSL health checks. + This option enables SSL ciphering on outgoing connections to the server. It + is critical to verify server certificates using "verify" when using SSL to + connect to servers, otherwise the communication is prone to trivial man in + the-middle attacks rendering SSL useless. When this option is used, health + checks are automatically sent in SSL too unless there is a "port" or an + "addr" directive indicating the check should be sent to a different location. + See the "check-ssl" optino to force SSL health checks. Supported in default-server: No @@ -8095,7 +8094,9 @@ verify [none|required] to 'none', server certificate is not verified. This is the default. In the other case, The certificate provided by the server is verified using CAs from 'ca-file' and optional CRLs from 'crl-file'. On verify failure the handshake - is aborted. + is aborted. It is critically important to verify server certificates when + using SSL to connect to servers, otherwise the communication is prone to + trivial man-in-the-middle attacks rendering SSL totally useless. Supported in default-server: No