mirror of
https://github.com/haproxy/haproxy.git
synced 2026-07-11 02:02:18 -04:00
Add ssl_fips_check_ciphers() to check the cipher list already loaded into an SSL_CTX against the FIPS-approved bulk cipher NID allowlist (AES-128-GCM, AES-256-GCM). The check is run unconditionally after SSL_CTX_set_cipher_list() for both bind and server contexts. The function reuses the fips_obj_info() helper introduced with the version check to emit precise 'type proxy/name [file:line]' error messages and returns ERR_ALERT|ERR_ABORT|ERR_FATAL on violation. |
||
|---|---|---|
| .. | ||
| haproxy | ||
| import | ||
| make | ||