mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-22 14:21:25 +02:00
1b03f8016d
Highly inspired from nginx openssl wrapper code. This wrapper implement this list of functions: SSL_set_quic_method(), SSL_quic_read_level(), SSL_quic_write_level(), SSL_set_quic_transport_params(), SSL_provide_quic_data(), SSL_process_quic_post_handshake() and SSL_QUIC_METHOD QUIC specific bio method which are also implemented by quictls to support QUIC from OpenSSL. So, its aims is to support QUIC from a standard OpenSSL stack without QUIC support. It relies on the OpenSSL keylog feature to retreive the secrets derived by the OpenSSL stack during a handshake and to pass them to the ->set_encryption_secrets() callback as this is done by quictls. It makes usage of a callback (quic_tls_compat_msg_callback()) to handle some TLS messages only on the receipt path. Some of them must be passed to the ->add_handshake_data() callback as this is done with quictls to be sent to the peer as CRYPTO data. quic_tls_compat_msg_callback() callback also sends the received TLS alert with ->send_alert() callback. AES 128-bits with CCM mode is not supported at this time. It is often disabled by the OpenSSL stack, but as it can be enabled by "ssl-default-bind-ciphersuites", the wrapper will send a TLS alerts (Handhshake failure) if this algorithm is negotiated between the client and the server. 0rtt is also not supported by this wrapper.
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)