]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b7f1cfc) | patch
MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits
authorRemi Gacogne <rgacogne[at]aquaray[dot]fr>
Thu, 12 Jun 2014 12:58:40 +0000 (14:58 +0200)
committerWilly Tarreau <w@1wt.eu>
Thu, 12 Jun 2014 14:12:23 +0000 (16:12 +0200)
commitf46cd6e4ec3ab1bc30d432e5fce358da5d545d12
treefa565c395a66d09eaf2e03371aca293776f6d8a9tree
parentb7f1cfc8463382fdb230b537bf297f1ce4854d49commit | diff
MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits

When no static DH parameters are specified, this patch makes haproxy
use standardized (rfc 2409 / rfc 3526) DH parameters with prime lenghts
of 1024, 2048, 4096 or 8192 bits for DHE key exchange. The size of the
temporary/ephemeral DH key is computed as the minimum of the RSA/DSA server
key size and the value of a new option named tune.ssl.default-dh-param.
doc/configuration.txt diff | blob | blame | history
include/common/defaults.h diff | blob | blame | history
include/types/global.h diff | blob | blame | history
src/cfgparse.c diff | blob | blame | history
src/haproxy.c diff | blob | blame | history
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git