Hi Frederic > Le 27 mars 2017 à 14:45, Willy Tarreau <w...@1wt.eu> a écrit : > > On Fri, Mar 24, 2017 at 12:20:45PM +0100, Willy Tarreau wrote: >> On Tue, Mar 21, 2017 at 07:54:30PM +0100, Frederic Lecaille wrote: >>> Hello HAProxy ML, >>> >>> I am starting this new thread to publish a serie of patches to make >>> all "server" settings be supported on "default-server" lines. >> (...) >> >> Fred, that's overall very clean stuff, thank you. I've already >> applied the first 7 ones. I'll postpone the SSL ones to the end so that >> we know what to do once Emeric and Manu have found a solution which >> satisfies them both :-) > > OK in the end I realized that taking the SSL stuff later would only > complicate things both for you and for Manu/Emeric so I preferred to > take everything now even if some of these have to be adjusted later. > > I'm not much comfortable with the "sslv3" and so on as they easily read > as "use sslv3 only" (for me at least) but we can get rid of them once we > have everything needed with min-tls/max-tls, and if some users want to > keep them anyway then we can complete the doc to mention explicitly what > they do (ie: stop disabling support for sslv3). So that's no big deal. >
If I understand the needs, parameters is to reset settings from default server. For ssl we could have 'ssl-all’ and avoid any ‘no, 'no-no’ tls version ? ++ Manu