Re: [Patches] TLS methods configuration reworked

Emmanuel Hocdet Fri, 31 Mar 2017 06:15:06 -0700

Le 31 mars 2017 à 11:02, Emeric Brun <[email protected]> a écrit :

Hi Emmanuel,

On 03/30/2017 07:44 PM, Emmanuel Hocdet wrote:
The right patch series ...

Le 30 mars 2017 à 19:00, Emmanuel Hocdet <[email protected]> a écrit :

Hi Emeric, Willy

Rework of patches serie to match default-server requirement and talk with Willy.
It should be easier to follow.

Le 27 mars 2017 à 16:15, Emeric Brun <[email protected]> a écrit :

Hi Manu,

What kind of api and dependency? To generate haproxy configuration?
Generate min-tlsv10 or ssl-min tlsv10 will not change anything.

For word based API parser/generator, as the one embedded in haproxy's hardware proxy, it does :)

I pushed the min-/max- parameter at the end to easily change with your needs.

This not what i expected. The haproxy's appliances API parser is word based.

To be clear, it is much more easy to maintain if there is only two attributes 'ssl-min-ver' and 'ssl-max-ver' with a set of possible values (sslv3 tlsv10 ...)

So what i expect is only two keyword configuration 'ssl-max-ver' ans 'ssl-min-ver' which should handle an arg containing the protocol version in a string format:

i.e.

bind 0.0.0.0:443 ssl crt my.pem ssl-min-ver tlsv10 ssl-max-ver tlsv13

yes, i delayed this change (lack of time).

last patch with 'ssl-min-ver' and 'ssl-max-ver' with argument SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3

Manu

0006-MEDIUM-ssl-add-ssl-min-ver-and-ssl-max-ver-parameter.patch
Description: Binary data

Re: [Patches] TLS methods configuration reworked

Reply via email to