As per a recent mailing list discussion, suggesting specific cipher
settings is not too helpful, because they depend on a lot of factors,
ranging from client capabilities, available TLS libraries, new
security research, and others.
To avoid the documentation from become stale -- and potentially
wrong/dangerous, this commit adds links to Mozilla's well-reknowned
TLS blog, as well as to their configuration generator.
negotiated during the SSL/TLS handshake. The format of the string is defined
in "man 1 ciphers" from OpenSSL man pages, and can be for instance a string
such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" (without quotes).
+ Depending on the compatiblity and security requirements, the list of suitable
+ ciphers depends on a variety of variables. For background information and
+ recommendations see e. g. (https://wiki.mozilla.org/Security/Server_Side_TLS)
+ and (https://mozilla.github.io/server-side-tls/ssl-config-generator/).
crl-file <crlfile>
This setting is only available when support for OpenSSL was built in. It
projects / thirdparty / haproxy.git / commitdiff
