DOC: configuration: ECH support details

Specify which OpenSSL branch is supported and that AWS-LC is not
supported.

Must be backported to 3.3.
William Lallemand 2025-11-30 09:44:20 +01:00
parent 2b3d13a740
commit c641ea4f9b

@ -16941,9 +16941,10 @@ ech <dir> [ EXPERIMENTAL ]
See https://datatracker.ietf.org/doc/draft-ietf-tls-esni/ See https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
This is an experimental feature, which requires the This is an experimental feature, which requires the
"expose-experimental-directives" option in the global section. It also "expose-experimental-directives" option in the global section.
necessitates an OpenSSL version that supports ECH, and HAProxy must be It also necessitates an OpenSSL version that supports ECH
compiled with USE_ECH=1. ( https://github.com/openssl/openssl/tree/feature/ech), and HAProxy must be
compiled with USE_ECH=1. The ECH API of AWS-LC is not supported.
Example: Example:
$ openssl ech -public_name foobar.com -out /etc/haproxy/echkeydir/foobar.com.ech $ openssl ech -public_name foobar.com -out /etc/haproxy/echkeydir/foobar.com.ech
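
Review bot: the added sentence still reads "an OpenSSL version that supports ECH" while the link it introduces, "( https://github.com/openssl/openssl/tree/feature/ech)", points to a feature branch rather than a version, so the wording does not quite say what the commit message promises ("Specify which OpenSSL branch is supported"). Consider naming the branch in the sentence itself, for example "an OpenSSL build from the feature/ech branch (https://github.com/openssl/openssl/tree/feature/ech)", so the requirement is unambiguous. The same line also has a stray space after the opening parenthesis. The AWS-LC sentence is clear as written.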