DOC: ssl: Clarify when pre TLSv1.3 cipher can be used

This is mainly driven by the fact TLSv1.3 will have a successor at some
point.
Bertrand Jacquin 2019-02-03 18:35:25 +00:00 committed by Willy Tarreau
parent 1a0fe3becd
commit 8cf7c1eb61


@ -1027,7 +1027,7 @@ setenv <name> <value>
ssl-default-bind-ciphers <ciphers> ssl-default-bind-ciphers <ciphers>
This setting is only available when support for OpenSSL was built in. It sets This setting is only available when support for OpenSSL was built in. It sets
the default string describing the list of cipher algorithms ("cipher suite") the default string describing the list of cipher algorithms ("cipher suite")
that are negotiated during the SSL/TLS handshake except for TLSv1.3 for all that are negotiated during the SSL/TLS handshake up to TLSv1.2 for all
"bind" lines which do not explicitly define theirs. The format of the string "bind" lines which do not explicitly define theirs. The format of the string
is defined in "man 1 ciphers" from OpenSSL man pages, and can be for instance is defined in "man 1 ciphers" from OpenSSL man pages, and can be for instance
a string such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" (without quotes). For a string such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" (without quotes). For
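Review bot: "up to TLSv1.2" in the changed line of the ssl-default-bind-ciphers paragraph does not say whether TLSv1.2 itself is covered, and placed directly after "handshake" it reads as qualifying the handshake rather than the protocol version. Wording such as "negotiated during the SSL/TLS handshake for protocol versions up to and including TLSv1.2" would remove the ambiguity for someone deciding which keyword governs their TLSv1.2 listeners.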
@ -1059,7 +1059,7 @@ ssl-default-bind-options [<option>]...
ssl-default-server-ciphers <ciphers> ssl-default-server-ciphers <ciphers>
This setting is only available when support for OpenSSL was built in. It This setting is only available when support for OpenSSL was built in. It
sets the default string describing the list of cipher algorithms that are sets the default string describing the list of cipher algorithms that are
negotiated during the SSL/TLS handshake except for TLSv1.3 with the server, negotiated during the SSL/TLS handshake up to TLSv1.2 with the server,
for all "server" lines which do not explicitly define theirs. The format of for all "server" lines which do not explicitly define theirs. The format of
the string is defined in "man 1 ciphers". For TLSv1.3 cipher configuration, the string is defined in "man 1 ciphers". For TLSv1.3 cipher configuration,
please check the "ssl-default-server-ciphersuites" keyword. Please check the please check the "ssl-default-server-ciphersuites" keyword. Please check the
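Review bot: the pointer sentence right after the changed line in ssl-default-server-ciphers still reads "For TLSv1.3 cipher configuration, please check the "ssl-default-server-ciphersuites" keyword", so the paragraph is only partly aligned with the commit message's motive. The first sentence now bounds this keyword at TLSv1.2, while the pointer names exactly one version. Please either reword the pointer so it stays correct once a successor to TLSv1.3 exists, or state that it is intentionally version-specific.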
@ -10893,7 +10893,7 @@ ca-sign-pass <passphrase>
ciphers <ciphers> ciphers <ciphers>
This setting is only available when support for OpenSSL was built in. It sets This setting is only available when support for OpenSSL was built in. It sets
the string describing the list of cipher algorithms ("cipher suite") that are the string describing the list of cipher algorithms ("cipher suite") that are
negotiated during the SSL/TLS handshake except for TLSv1.3. The format of the negotiated during the SSL/TLS handshake up to TLSv1.2. The format of the
string is defined in "man 1 ciphers" from OpenSSL man pages, and can be for string is defined in "man 1 ciphers" from OpenSSL man pages, and can be for
instance a string such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" (without instance a string such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" (without
quotes). Depending on the compatibility and security requirements, the list quotes). Depending on the compatibility and security requirements, the list
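Review bot: the unchanged sample string "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" in the "ciphers" paragraph deserves a second look while this text is being touched. In OpenSSL cipher-string syntax "+RC4" only reorders RC4 suites and does not remove them, and "ALL" has already pulled them in, so a reader who copies the example keeps RC4 negotiable for the pre-TLSv1.3 protocols this line now names. Suggest an example that excludes it (for instance with "!RC4"), or a remark that the string illustrates syntax only and is not a recommended setting.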