upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-19 02:29:31 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 18
haproxy/doc
History
Remi Tricot-Le Breton 1d6338ea96 MEDIUM: ssl: Disable DHE ciphers by default 
DHE ciphers do not present a security risk if the key is big enough but
they are slow and mostly obsoleted by ECDHE. This patch removes any
default DH parameters. This will effectively disable all DHE ciphers
unless a global ssl-dh-param-file is defined, or
tune.ssl.default-dh-param is set, or a frontend has DH parameters
included in its PEM certificate. In this latter case, only the frontends
that have DH parameters will have DHE ciphers enabled.
Adding explicitely a DHE ciphers in a "bind" line will not be enough to
actually enable DHE. We would still need to know which DH parameters to
use so one of the three conditions described above must be met.

This request was described in GitHub issue #1604.
2022-04-20 17:30:55 +02:00
..
design-thoughts DOC: design: commit the temporary design notes on thread groups 2022-02-24 09:06:37 +01:00
internals DOC: internal: update the pools API to mention boot-time settings 2022-02-24 08:58:04 +01:00
lua-api DOC: lua: CertCache class documentation 2022-03-30 16:02:43 +02:00
51Degrees-device-detection.txt CONTRIB: move 51Degrees to addons/51degrees 2021-04-02 17:48:42 +02:00
acl.fig [DOC] add diagrams of queuing and future ACL design 2009-02-22 16:46:38 +01:00
architecture.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
close-options.txt MINOR: config: reject long-deprecated "option forceclose" 2021-06-11 16:57:34 +02:00
coding-style.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
configuration.txt MEDIUM: ssl: Disable DHE ciphers by default 2022-04-20 17:30:55 +02:00
cookie-options.txt DOC: fix a few typos in the documentation 2018-11-18 22:23:15 +01:00
DeviceAtlas-device-detection.txt MEDIUM: da: update doc and build for new scheduler mode service. 2022-01-28 07:28:53 +01:00
gpl.txt [LICENSE] licensing clarifications 2006-06-15 21:48:13 +02:00
haproxy.1 DOC: add description of pidfile in master-worker mode 2020-08-26 18:40:53 +02:00
intro.txt [RELEASE] Released version 2.6-dev0 2021-11-23 15:50:11 +01:00
lgpl.txt [LICENSE] licensing clarifications 2006-06-15 21:48:13 +02:00
linux-syn-cookies.txt DOC: add doc/linux-syn-cookies.txt 2015-08-11 12:17:41 +02:00
lua.txt [RELEASE] Released version 2.6-dev6 2022-04-16 12:15:47 +02:00
management.txt DOC: management: add missing dot in 9.4.1 2022-03-31 15:28:42 +02:00
netscaler-client-ip-insertion-protocol.txt DOC: fix typos 2019-05-25 07:34:24 +02:00
network-namespaces.txt MAJOR: namespace: add Linux network namespace support 2014-11-21 07:51:57 +01:00
peers-v2.0.txt DOC: peers: fix the protocol tag name in the doc 2021-05-09 06:38:07 +02:00
peers.txt DOC/peers: some grammar fixes for peers 2.1 spec 2021-11-02 17:28:43 +01:00
proxy-protocol.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
queuing.fig [DOC] add diagrams of queuing and future ACL design 2009-02-22 16:46:38 +01:00
regression-testing.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
seamless_reload.txt CLEANUP: removed obsolete examples an move a few to better places 2019-06-15 21:25:06 +02:00
SOCKS4.protocol.txt MEDIUM: connection: Upstream SOCKS4 proxy support 2019-05-31 17:24:06 +02:00
SPOE.txt DOC: spoe: Clarify use of the event directive in spoe-message section 2021-12-03 10:18:11 +01:00
WURFL-device-detection.txt CONTRIB: move src/wurfl.c and contrib/wurfl to addons/wurfl 2021-04-02 17:48:42 +02:00