upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-15 21:59:41 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

DOC: configuration: ECH support details
Some checks failed
Contrib / build (push) Has been cancelled
Details
alpine/musl / gcc (push) Has been cancelled
Details
VTest / Generate Build Matrix (push) Has been cancelled
Details
Windows / Windows, gcc, all features (push) Has been cancelled
Details
VTest / (push) Has been cancelled
Details

Browse source 
Specify which OpenSSL branch is supported and that AWS-LC is not
supported.

Must be backported to 3.3.
This commit is contained in:
William Lallemand 2025-11-30 09:44:20 +01:00
parent 2b3d13a740
commit c641ea4f9b
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
doc/configuration.txt
View file

@ -16941,9 +16941,10 @@ ech <dir> [ EXPERIMENTAL ]
See https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
This is an experimental feature, which requires the
"expose-experimental-directives" option in the global section. It also
necessitates an OpenSSL version that supports ECH, and HAProxy must be
compiled with USE_ECH=1.
"expose-experimental-directives" option in the global section.
It also necessitates an OpenSSL version that supports ECH
( https://github.com/openssl/openssl/tree/feature/ech), and HAProxy must be
compiled with USE_ECH=1. The ECH API of AWS-LC is not supported.
Example:
$ openssl ech -public_name foobar.com -out /etc/haproxy/echkeydir/foobar.com.ech