On Tue, Jul 05, 2022 at 11:15:25AM +0500, Илья Шипицин wrote: > I tried to run on Ubuntu 22.04, it is shipped with OpenSSL-3.0 and > SECLEVEL=2 by default (probably it is correct for RedHat 9 as well ?) > > test · chipitsine/haproxy@1d69992 (github.com) > <https://github.com/chipitsine/haproxy/runs/7163834085?check_suite_focus=true#step:16:602> > > ssl - What could cause "dh key too small" error? - Stack Overflow > <https://stackoverflow.com/questions/61626206/what-could-cause-dh-key-too-small-error> > > if nobody minds, I'll add SECLEVEL=2 to CI. > shall we run *only* SECLEVEL=2 or shall we expand build matrix ? >
That's not a good idea, this is supposed to be the default in a lot of distribution and this could hide a lot of problems. HAProxy must works with this default settings, the failing reg-test must be fixed instead. -- William Lallemand