From: Nenad Merdanovic Date: Sat, 9 May 2015 06:46:02 +0000 (+0200) Subject: DOC: Document new socket commands "show tls-keys" and "set ssl tls-key" X-Git-Tag: v1.6-dev2~108 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c6985f0f6c4703670db3ef7f4f6a0755ca107879;p=thirdparty%2Fhaproxy.git DOC: Document new socket commands "show tls-keys" and "set ssl tls-key" Signed-off-by: Nenad Merdanovic --- diff --git a/doc/configuration.txt b/doc/configuration.txt index c1e2741fb1..7af647ff73 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -14772,6 +14772,13 @@ set ssl ocsp-response echo "set ssl ocsp-response $(base64 -w 10000 resp.der)" | \ socat stdio /var/run/haproxy.stat +set ssl tls-key + Set the next TLS key for the listener to . This key becomes the + ultimate key, while the penultimate one is used for encryption (others just + decrypt). The oldest TLS key present is overwritten. is either a numeric + # or returned by "show tls-keys". is a base64 encoded 48 + bit TLS ticket key (ex. openssl rand -base64 48). + set table key [data. ]* Create or update a stick-table entry in the table. If the key is not present, an entry is inserted. See stick-table in section 4.2 to find all possible @@ -15006,6 +15013,11 @@ show table [ data. ] | [ key ] | fgrep 'key=' | cut -d' ' -f2 | cut -d= -f2 > abusers-ip.txt ( or | awk '/key/{ print a[split($2,a,"=")]; }' ) +show tls-keys + Dump all loaded TLS ticket keys. The TLS ticket key reference ID and the + file from which the keys have been loaded is shown. Both of those can be + used to update the TLS keys using "set ssl tls-key". + shutdown frontend Completely delete the specified frontend. All the ports it was bound to will be released. It will not be possible to enable the frontend anymore after
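Review bot: In the "set ssl tls-key" hunk, the description calls the key "a base64 encoded 48 bit TLS ticket key" but the example given is "openssl rand -base64 48", which produces 48 bytes of random data, so the unit should read "48 byte". A reader who takes "48 bit" literally would conclude that a 6-byte key is acceptable. The sentence about the "ultimate" and "penultimate" keys could also state outright that the newly set key is not used for encryption until the next update, since that is the property operators rely on when rotating keys across several nodes. Because this command carries secret key material over the stats socket, it would help to document here which socket access level it requires.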
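Review bot: In the "show tls-keys" hunk, the first sentence "Dump all loaded TLS ticket keys" reads as if the key material itself is printed, while the next sentence says only the reference ID and the source file are shown. Please state explicitly which it is, for example "Dump the reference ID and file name of all loaded TLS ticket keys", because whether secrets are disclosed on the socket decides who may be given access to this command. Minor grammar point in the same paragraph: "The TLS ticket key reference ID and the file ... is shown" should be "are shown".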