From: William Lallemand Date: Tue, 30 Jun 2020 14:11:36 +0000 (+0200) Subject: DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list X-Git-Tag: v2.2-dev12~42 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5d03639ba6fa9e7eee8af8fe489101de65d7f6f1;p=thirdparty%2Fhaproxy.git DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list Support for "allow-0rtt" and "ciphersuites" exists for crt-list. Fix issue #721. Should be backported as far as 1.8. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index f03620efbc..2aed84ecc8 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -12301,10 +12301,11 @@ crt-list [\[ ...\]] [[!] ...] - sslbindconf support "npn", "alpn", "verify", "ca-file", "ca-verify-file", - "no-ca-names", "crl-file", "ecdhe", "curves", "ciphers" configuration. With - BoringSSL and Openssl >= 1.1.1 "ssl-min-ver" and "ssl-max-ver" are also - supported. It override the configuration set in bind line for the certificate. + sslbindconf supports "allow-0rtt", "alpn", "ca-file", "ca-verify-file", + "ciphers", "ciphersuites", "crl-file", "curves", "ecdhe", "no-ca-names", + "npn", "verify" configuration. With BoringSSL and Openssl >= 1.1.1 + "ssl-min-ver" and "ssl-max-ver" are also supported. It overrides the + configuration set in bind line for the certificate. Wildcards are supported in the SNI filter. Negative filter are also supported, only useful in combination with a wildcard filter to exclude a particular SNI.
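Review bot: in the rewritten sslbindconf sentence, "allow-0rtt" and "ciphersuites" are added to the unconditional list, while the next sentence still limits only "ssl-min-ver" and "ssl-max-ver" to BoringSSL and OpenSSL >= 1.1.1. Both new keywords are TLS 1.3 features, so the paragraph should say whether they carry the same library requirement; otherwise a reader on an older library will expect them to work in a crt-list. Because the paragraph also says these settings override the bind line per certificate, it would help to point to the "allow-0rtt" bind keyword description here, so that someone enabling early data for a single certificate reads that keyword's own documentation before relying on the override. Minor style points while these lines are being rewrapped: "Openssl" in the added line could become "OpenSSL", and the unchanged context line "Negative filter are also supported" still has a number disagreement that could be fixed in the same pass.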