git.ipfire.org Git - thirdparty/haproxy.git/commit
MEDIUM: ssl: add support for prefer-server-ciphers option
author David BERARD <contact@davidberard.fr>
Tue, 4 Sep 2012 13:15:13 +0000 (15:15 +0200)
committer Willy Tarreau <w@1wt.eu>
Tue, 4 Sep 2012 13:35:32 +0000 (15:35 +0200)
commit e566ecbea88ec1166faafc6a4b121f3ec08a7853
tree 6a9c46dd5f2756661cc917c42cb27c38296d4891
parent ff9f7698fcefef66bceb1ec32a3da8b14947a594

I wrote a small patch to add the SSL_OP_CIPHER_SERVER_PREFERENCE OpenSSL option
to frontend, if the 'prefer-server-ciphers' keyword is set.

Example:
bind 10.11.12.13 ssl /etc/haproxy/ssl/cert.pem ciphers RC4:HIGH:!aNULL:!MD5 prefer-server-ciphers

This option mitigates the effect of the BEAST Attack (as I understand), and it
is equivalent to:
- Apache HTTPd SSLHonorCipherOrder option.
- Nginx ssl_prefer_server_ciphers option.

[WT: added a test for the support of the option]
include/types/protocols.h
src/cfgparse.c
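
An added illustration, not part of the commit or of HAProxy's code, of what the option changes during negotiation: a simplified C model of which side's preference order decides the cipher. The `suite` struct, the `negotiate` and `demo` helpers, the CBC flags and both cipher lists are constructed for the example; the real selection happens inside OpenSSL.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct suite { const char *name; int cbc; /* 1 = CBC mode, the mode BEAST targets */ };

/* Constructed sample lists, each in its owner's preference order. */
static const struct suite CLIENT_OFFER[] = {
    { "AES128-SHA", 1 }, { "DES-CBC3-SHA", 1 }, { "RC4-SHA", 0 },
};
/* Simplified stand-in for the order "RC4:HIGH:!aNULL:!MD5" asks for. */
static const struct suite SERVER_ORDER[] = {
    { "RC4-SHA", 0 }, { "AES256-SHA", 1 }, { "AES128-SHA", 1 },
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* First entry of `lead` that `other` also supports, or NULL if none. */
static const struct suite *first_common(const struct suite *lead, size_t nl,
                                        const struct suite *other, size_t no)
{
    for (size_t i = 0; i < nl; i++)
        for (size_t j = 0; j < no; j++)
            if (strcmp(lead[i].name, other[j].name) == 0)
                return &lead[i];
    return NULL;
}

/* Without the option the client's order leads; with it, the server's. */
const struct suite *negotiate(const struct suite *client, size_t nc,
                              const struct suite *server, size_t ns,
                              int prefer_server_ciphers)
{
    return prefer_server_ciphers ? first_common(server, ns, client, nc)
                                 : first_common(client, nc, server, ns);
}

const struct suite *demo(int prefer_server_ciphers)
{
    return negotiate(CLIENT_OFFER, COUNT(CLIENT_OFFER),
                     SERVER_ORDER, COUNT(SERVER_ORDER), prefer_server_ciphers);
}

int main(void)
{
    for (int pref = 0; pref <= 1; pref++) {
        const struct suite *s = demo(pref);
        printf("prefer-server-ciphers=%d -> %s (%s)\n", pref,
               s ? s->name : "no shared cipher",
               s ? (s->cbc ? "CBC" : "non-CBC") : "-");
    }
    return 0;
}
```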