mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 22:01:31 +02:00
Code Issues Projects Releases Wiki Activity
20,963 Commits 19 Branches 396 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
William Lallemand 23093c72f1 BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA 
When using TLSv1.3, the signature algorithms extension is used to chose
the right ECDSA or RSA certificate.

However there was an old test for previous version of TLS (< 1.3) which
was testing if the cipher is compatible with ECDSA when an ECDSA
signature algorithm is used. This test was relying on
SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa to verify if the
cipher is still good.

Problem is, with TLSv1.3, all ciphersuites are compatible with any
authentication algorithm, but SSL_CIPHER_get_auth_nid(cipher) does not
return NID_auth_ecdsa, but NID_auth_any.

Because of this, with TLSv1.3 when both ECDSA and RSA certificates are
available for a domain, the ECDSA one is not chosen in priority.

This patch also introduces a test on the cipher IDs for the signaling
ciphersuites, because they would always return NID_auth_any, and are not
relevent for this selection.

This patch fixes issue #2300.

Must be backported in all stable versions.
2023-10-26 19:17:13 +02:00
.github
CI: github: add awslc 1.16.0 to the push CI
2023-10-11 11:38:27 +02:00
addons
MEDIUM: tree-wide: logsrv struct becomes logger
2023-10-13 10:05:06 +02:00
admin
MINOR: acme.sh: add the deploy script for acme.sh in admin directory
2023-04-26 17:32:15 +02:00
dev
DEV: sslkeylogger: handle file opening error
2023-10-03 15:23:35 +02:00
doc
MINOR: lua: change tune.lua.log.stderr default from 'on' to 'auto'
2023-10-25 07:49:03 +02:00
examples
EXAMPLES: maintain haproxy 2.8 retrocompatibility for lua mailers script
2023-07-11 16:04:22 +02:00
include
MEDIUM: quic: count quic_conn for global sslconns
2023-10-26 15:35:58 +02:00
reg-tests
MINOR: sample: Added support for Arrays in sample_conv_json_query in sample.c
2023-10-20 18:42:05 +02:00
scripts
CI: ssl: add git id support for wolfssl download
2023-10-10 10:34:17 +02:00
src
BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA
2023-10-26 19:17:13 +02:00
tests
Revert "MAJOR: import: update mt_list to support exponential back-off"
2023-09-15 17:13:43 +02:00
.cirrus.yml
CI: cirrus-ci: display gdb bt if any
2023-09-22 08:28:30 +02:00
.gitattributes
MINOR: Configure the cpp userdiff driver for *.[ch] in .gitattributes
2021-02-22 18:17:57 +01:00
.gitignore
CONTRIB: Add vi file extensions to .gitignore
2023-06-02 18:14:34 +02:00
.mailmap
DOC: update Tim's address in .mailmap
2021-09-16 09:14:14 +02:00
.travis.yml
CI: travis-ci: temporarily disable arm64 builds
2021-08-07 07:28:15 +02:00
BRANCHES
DOC: fix some spelling issues over multiple files
2021-01-08 14:53:47 +01:00
BSDmakefile
BUILD: makefile: commit the tiny FreeBSD makefile stub
2023-05-24 17:17:36 +02:00
CHANGELOG
[RELEASE] Released version 2.9-dev8
2023-10-20 21:36:47 +02:00
CONTRIBUTING
CLEANUP: assorted typo fixes in the code and comments
2021-08-16 12:37:59 +02:00
INSTALL
BUILD: ssl: Build with new cryptographic library AWS-LC
2023-09-04 18:19:18 +02:00
LICENSE
LICENSE: add licence exception for OpenSSL
2012-09-07 13:52:26 +02:00
MAINTAINERS
CLEANUP: assorted typo fixes in the code and comments
2022-11-30 14:02:36 +01:00
Makefile
BUILD: ssl: Build with new cryptographic library AWS-LC
2023-09-04 18:19:18 +02:00
README
DOC: create a BRANCHES file to explain the life cycle
2019-06-15 22:00:14 +02:00
SUBVERS
BUILD: use format tags in VERDATE and SUBVERS files
2013-12-10 11:22:49 +01:00
VERDATE
[RELEASE] Released version 2.9-dev8
2023-10-20 21:36:47 +02:00
VERSION
[RELEASE] Released version 2.9-dev8
2023-10-20 21:36:47 +02:00

README 

The HAProxy documentation has been split into a number of different files for
ease of use.

Please refer to the following files depending on what you're looking for :

  - INSTALL for instructions on how to build and install HAProxy
  - BRANCHES to understand the project's life cycle and what version to use
  - LICENSE for the project's license
  - CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located into the doc/ directory :

  - doc/intro.txt for a quick introduction on HAProxy
  - doc/configuration.txt for the configuration's reference manual
  - doc/lua.txt for the Lua's reference manual
  - doc/SPOE.txt for how to use the SPOE engine
  - doc/network-namespaces.txt for how to use network namespaces under Linux
  - doc/management.txt for the management guide
  - doc/regression-testing.txt for how to use the regression testing suite
  - doc/peers.txt for the peers protocol reference
  - doc/coding-style.txt for how to adopt HAProxy's coding style
  - doc/internals for developer-specific documentation (not all up to date)
Description
No description provided
Readme 51 MiB
Languages
C 98.1%
Shell 0.8%
Makefile 0.5%
Lua 0.2%
Python 0.2%