git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Nenad Merdanovic <nmerdan@anine.io>
	Fri, 27 Feb 2015 18:56:49 +0000 (19:56 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Sat, 28 Feb 2015 22:10:22 +0000 (23:10 +0100)
commit	05552d4b98127bd52d3e0008a6c62bde46be5c35
tree	50cdfb00a344f0549e43ddcb053ee853d5551a76	tree \| snapshot
parent	eaabd52e29a29187f9829fe727028a6ca530cbf9	commit \| diff

MEDIUM: Add support for configurable TLS ticket keys

Until now, the TLS ticket keys couldn't have been configured and
shared between multiple instances or multiple servers running HAproxy.
The result was that if a request got a TLS ticket from one instance/server
and it hits another one afterwards, it will have to go through the full
SSL handshake and negotation.

This patch enables adding a ticket file to the bind line, which will be
used for all SSL contexts created from that bind line. We can use the
same file on all instances or servers to mitigate this issue and have
consistent TLS tickets assigned. Clients will no longer have to negotiate
every time they change the handling process.

Signed-off-by: Nenad Merdanovic <nmerdan@anine.io>

include/common/defaults.h		diff \| blob \| blame \| history
include/types/listener.h		diff \| blob \| blame \| history
include/types/ssl_sock.h		diff \| blob \| blame \| history
src/cfgparse.c		diff \| blob \| blame \| history
src/ssl_sock.c		diff \| blob \| blame \| history