<crtfile> [\[<sslbindconf> ...\]] [[!]<snifilter> ...]
- sslbindconf supports "allow-0rtt", "alpn", "ca-file", "ca-verify-file",
- "ciphers", "ciphersuites", "crl-file", "curves", "ecdhe", "no-ca-names",
- "npn", "verify" configuration. With BoringSSL and Openssl >= 1.1.1
- "ssl-min-ver" and "ssl-max-ver" are also supported. It overrides the
- configuration set in bind line for the certificate.
+ sslbindconf supports the following keywords from the bind line
+ (see Section 5.1. Bind options):
+
+ - allow-0rtt
+ - alpn
+ - ca-file
+ - ca-verify-file
+ - ciphers
+ - ciphersuites
+ - client-sigalgs
+ - crl-file
+ - curves
+ - ecdhe
+ - no-alpn
+ - no-ca-names
+ - npn
+ - sigalgs
+ - ssl-min-ver
+ - ssl-max-ver
+ - verify
+
+ It overrides the configuration set in bind line for the certificate.
Wildcards are supported in the SNI filter. Negative filter are also supported,
useful in combination with a wildcard filter to exclude a particular SNI, or
*/
/* the <ssl_crtlist_kws> keywords are used for crt-list parsing, they *MUST* be safe
- * with their proxy argument NULL and must only fill the ssl_bind_conf */
+ * with their proxy argument NULL and must only fill the ssl_bind_conf
+ *
+ * /!\ Please update configuration.txt at the crt-list option of the Bind options
+ * section when adding a keyword in ssl_crtlist_kws. /!\
+ *
+ */
struct ssl_crtlist_kw ssl_crtlist_kws[] = {
{ "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
{ "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
projects / thirdparty / haproxy.git / commitdiff
