On 03/22/2017 05:30 PM, Emmanuel Hocdet wrote:
Hi Fred,
Hi Emmanuel,
On 21 March 2017 at 23:14, Willy Tarreau <[email protected]> wrote:
On Tue, Mar 21, 2017 at 07:54:30PM +0100, Frederic Lecaille wrote:
Hello HAProxy ML,
I am starting this new thread to publish a series of patches to make
all "server" settings be supported on "default-server" lines.
This is preliminary work for the "server templates" feature.
New boolean settings have been added to disable others. Most of them
have "no-" as prefix.
(...)
Wow I didn't realize you had already done all this! That's really cool!
I agree :)
Here is an exhaustive list:
(...)
"sslv2" disables "no-sslv3",
"ssl-reuse" disables "no-ssl-reuse",
"stick" disables "non-stick",
"tlsv10" disables "no-tlsv10",
"tlsv11" disables "no-tlsv11",
"tlsv12" disables "no-tlsv12",
"tls-tickets" disables "no-tls-tickets".
Hmmm I hadn't thought about these ones, I suspect they'll cause more
confusion than anything else, especially given that the "tlsv11" above
cancelling "no-tlsv11" is not the same as "force-tlsv11". We need to
discuss this with Emeric, he's already scratching his head around these
ones without these double negations, he will hate us now :-)
I have sent patches to the ML that change the internal implementation of
no/force-tlsxx and add min/max-tlsxx (which can replace no/force usage).
It could simplify (or not) what you want to do, but there will be an impact on
your patches if they are accepted.
++
Manu
Ok. Thank you for this information, Emmanuel,
Fred