DOC: Refer to Mozilla TLS info / config generator

As per a recent mailing list discussion, suggesting specific cipher
settings is not too helpful, because they depend on a lot of factors,
ranging from client capabilities, available TLS libraries, new
security research, and others.
To prevent the documentation from becoming stale -- and potentially
wrong/dangerous -- this commit adds links to Mozilla's well-renowned
TLS blog, as well as to their configuration generator.
Daniel Schneller 2017-09-01 19:29:57 +02:00 committed by Willy Tarreau
parent d8703e8cd7
commit 87e4302707

@ -10292,6 +10292,10 @@ ciphers <ciphers>
negotiated during the SSL/TLS handshake. The format of the string is defined
in "man 1 ciphers" from OpenSSL man pages, and can be for instance a string
such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" (without quotes).
Depending on the compatiblity and security requirements, the list of suitable
ciphers depends on a variety of variables. For background information and
recommendations see e. g. (https://wiki.mozilla.org/Security/Server_Side_TLS)
and (https://mozilla.github.io/server-side-tls/ssl-config-generator/).
crl-file <crlfile>
This setting is only available when support for OpenSSL was built in. It
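Review bot: "compatiblity" in the first added line is misspelled and should read "compatibility". The same sentence uses "depends" twice ("Depending on the ... requirements, the list of suitable ciphers depends on a variety of variables"); something like "The list of suitable ciphers depends on the compatibility and security requirements" says the same with less. In the last two added lines, "e. g." would normally be written "e.g.", and the parentheses around each URL can be dropped. Since the new text defers to external recommendations, it would also help to say that the "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" string directly above only illustrates the format and is not a recommended setting, because a reader may otherwise copy it as-is, RC4 included.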