]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8a16fe0) | patch
MINOR: ssl: set SSL_OP_PRIORITIZE_CHACHA
authorLukas Tribus <lukas@ltri.eu>
Fri, 18 May 2018 15:55:57 +0000 (17:55 +0200)
committerWilly Tarreau <w@1wt.eu>
Wed, 23 May 2018 14:55:15 +0000 (16:55 +0200)
commit926594f60627c7727befb15c50eb7680f30948a4
tree940abcebd25a1e6e384acfa7a4e10d4af7064bdbtree
parent8a16fe0d053b93c00a8bcf86159135f98ca1377ecommit | diff
MINOR: ssl: set SSL_OP_PRIORITIZE_CHACHA

Sets OpenSSL 1.1.1's SSL_OP_PRIORITIZE_CHACHA unconditionally, as per [1]:

When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize
ChaCha20-Poly1305 ciphers to the top of the server cipher list if a
ChaCha20-Poly1305 cipher is at the top of the client cipher list. This
helps those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher
is anywhere in the server cipher list; but still allows other clients to
use AES and other ciphers. Requires SSL_OP_CIPHER_SERVER_PREFERENCE.

[1] https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_clear_options.html
doc/configuration.txt diff | blob | blame | history
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git