mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-06 23:27:04 +02:00
Code Issues Projects Releases Wiki Activity
cbaaec475c
haproxy/include
History
David BERARD e566ecbea8 MEDIUM: ssl: add support for prefer-server-ciphers option 
I wrote a small path to add the SSL_OP_CIPHER_SERVER_PREFERENCE OpenSSL option
to frontend, if the 'prefer-server-ciphers' keyword is set.

Example :
	bind 10.11.12.13 ssl /etc/haproxy/ssl/cert.pem ciphers RC4:HIGH:!aNULL:!MD5 prefer-server-ciphers

This option mitigate the effect of the BEAST Attack (as I understand), and it
equivalent to :
	- Apache HTTPd SSLHonorCipherOrder option.
	- Nginx ssl_prefer_server_ciphers option.

[WT: added a test for the support of the option]
2012-09-04 15:35:32 +02:00
..
common BUILD: include sys/socket.h to fix build failure on FreeBSD 2012-09-04 14:18:33 +02:00
import [MAJOR] replace ultree with ebtree in wait-queues 2008-06-24 08:17:16 +02:00
proto BUILD: http: rename error_message http_error_message to fix conflicts on RHEL 2012-09-04 12:19:04 +02:00
types MEDIUM: ssl: add support for prefer-server-ciphers option 2012-09-04 15:35:32 +02:00