On Monday 26 November 2018 18:21:56 Daniel Jakots wrote: > Hi, > > Here's the diff to update haproxy to the 1.8 branch. > Most of the libressl stuff has been done by jsing (thanks!) but he did > the update to 1.8.13 and 13->14 needed some more fiddling. I did them > on my own so I guess a review wouldn't hurt. > > The 1.8 branch brings HTTP/2 and TLS1.3 but maybe the latter won't work > because of the libressl vs openssl. I don't know.
TLSv1.3 is not currently supported by LibreSSL, hence the maximum that haproxy will negotiate (as a client or server) is going to be TLSv1.2. Once LibreSSL supports TLSv1.3 it will automatically start working - the code that this disables relates to 0-RTT data, which we're unlikely to support (at least initially). > I'm dogfooding it and so far it's been good. > > I'll be kind and save some users some trouble: don't try to backport > this diff to 6.4, it won't work. Why do you say that? > Tests? Comments? OK? Looks good to me - ok jsing@. > Cheers, > Daniel
