mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 22:01:31 +02:00
Code Issues Projects Releases Wiki Activity

DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list

Browse Source 
Support for "allow-0rtt" and "ciphersuites" exists for crt-list.

Fix issue #721.

Should be backported as far as 1.8.
This commit is contained in:
William Lallemand 2020-06-30 16:11:36 +02:00
parent daf8aa62a8
commit 5d03639ba6
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/configuration.txt
View File

@ -12301,10 +12301,11 @@ crt-list <file>
<crtfile> [\[<sslbindconf> ...\]] [[!]<snifilter> ...]
sslbindconf support "npn", "alpn", "verify", "ca-file", "ca-verify-file",
"no-ca-names", "crl-file", "ecdhe", "curves", "ciphers" configuration. With
BoringSSL and Openssl >= 1.1.1 "ssl-min-ver" and "ssl-max-ver" are also
supported. It override the configuration set in bind line for the certificate.
sslbindconf supports "allow-0rtt", "alpn", "ca-file", "ca-verify-file",
"ciphers", "ciphersuites", "crl-file", "curves", "ecdhe", "no-ca-names",
"npn", "verify" configuration. With BoringSSL and Openssl >= 1.1.1
"ssl-min-ver" and "ssl-max-ver" are also supported. It overrides the
configuration set in bind line for the certificate.
Wildcards are supported in the SNI filter. Negative filter are also supported,
only useful in combination with a wildcard filter to exclude a particular SNI.