DOC: ssl: update 'crt' statement on 'bind' about Diffie-Hellman parameters loading

Emeric Brun 2012-09-28 13:01:45 +02:00 committed by Willy Tarreau
parent a4bcd9a5a8
commit e032bfaa33

@ -6748,20 +6748,20 @@ crt <cert>
This setting is only available when support for OpenSSL was built in.
It designates a PEM file from which to load both a certificate and the
associated private key. This file can be built by concatenating both PEM
files into one. If a directory name is used instead of a PEM file, then all
files found in that directory will be loaded. This directive may be specified
multiple times in order to load certificates from multiple files or
directories. The certificates will be presented to clients who provide a
valid TLS Server Name Indication field matching one of their CN or alt
subjects. Wildcards are supported, where a wildcard character '*' is used
instead of the first hostname component (eg: *.example.org matches
files into one. If the OpenSSL used supports Diffie-Hellman, parameters
present in this file are also loaded. If a directory name is used instead of a
PEM file, then all files found in that directory will be loaded. This
directive may be specified multiple times in order to load certificates from
multiple files or directories. The certificates will be presented to clients
who provide a valid TLS Server Name Indication field matching one of their CN
or alt subjects. Wildcards are supported, where a wildcard character '*' is
used instead of the first hostname component (eg: *.example.org matches
www.example.org but not www.sub.example.org). If no SNI is provided by the
client or if the SSL library does not support TLS extensions, or if the
client provides and SNI which does not match any certificate, then the first
loaded certificate will be presented. This means that when loading
certificates from a directory, it is highly recommended to load the default
one first as a file. Note that the same cert may be loaded multiple times
without side effects.
client or if the SSL library does not support TLS extensions, or if the client
provides and SNI which does not match any certificate, then the first loaded
certificate will be presented. This means that when loading certificates from
a directory, it is highly recommended to load the default one first as a file.
Note that the same cert may be loaded multiple times without side effects.
defer-accept
Is an optional keyword which is supported only on certain Linux kernels. It
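Review bot: The sentence added after "files into one." says that Diffie-Hellman parameters present in the file are also loaded, but the documentation is missing two cases an operator needs. It does not say what is used when the PEM file carries no DH parameters, and it does not say which parameters apply when 'crt' is given several times or points at a directory whose files each contain their own. Please state both, for example whether the parameters are scoped to the certificate they were loaded with or to the whole bind line, since the same paragraph already explains that the first loaded certificate is the default. Separately, the re-wrapped text keeps the typo "provides and SNI which does not match any certificate"; since those lines are being touched anyway, change it to "provides an SNI". Because only one sentence is new, keeping the original line wrapping for the untouched part of the paragraph would make the change easier to review.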