Hi Willy, On Tue, Jan 5, 2021 at 5:23 PM Willy Tarreau <w...@1wt.eu> wrote: > as I suspected in issue #1020, another user got trapped not enabling > SSL when building from sources (probably for the first time, as it > happens to everyone to build haproxy for the first time). > > Given that haproxy's main target is HTTP and that these days it often > comes with SSL (and it doesn't seem like it's going to revert soon), > I was wondering if it would be a good idea for 2.4 and onwards to preset > USE_OPENSSL=1 by default. At least users who face build errors will have > a glance at the README and figure how to disable it if they don't want > it. But providing a successful build which misses some essential features > doesn't sound like a very good long-term solution to me. > > I'm interested in any opinion here.
I used to think most people use `use_openssl=1` and wondered why it was not the default, but I recently discovered a large setup not making use of tls. The market is however strongly moving towards end to end encryption so I would say it makes sense to have use_openssl=1 by default. People like things which work out of the box without reading any doc. So I'm quite a supporter of that change. A developer/maintainer knows how to deactivate it for test purposes to reply to Tim's comment even if it is longer to type. -- William
