On Thu, 29 Nov 2018 02:32:23 +1100, Joel Sing <[email protected]> wrote:
> On Monday 26 November 2018 18:21:56 Daniel Jakots wrote:
> > Hi,
> >
> > Here's the diff to update haproxy to the 1.8 branch.
> > Most of the libressl stuff has been done by jsing (thanks!) but he
> > did the update to 1.8.13 and 13->14 needed some more fiddling. I
> > did them on my own so I guess a review wouldn't hurt.
> >
> > The 1.8 branch brings HTTP/2 and TLS1.3 but maybe the latter won't
> > work because of the libressl vs openssl. I don't know.
>
> TLSv1.3 is not currently supported by LibreSSL, hence the maximum
> that haproxy will negotiate (as a client or server) is going to be
> TLSv1.2. Once LibreSSL supports TLSv1.3 it will automatically start
> working - the code that this disables relates to 0-RTT data, which
> we're unlikely to support (at least initially).

Thanks for the explanation!

> > I'm dogfooding it and so far it's been good.
> >
> > I'll be kind and save some users some trouble: don't try to backport
> > this diff to 6.4, it won't work.
>
> Why do you say that?

OPENSSL_NO_ASYNC as pointed out by tb. I guess there could be a way to
make this update work on 6.4 but let's just say it will be a friendly
reminder for users that development happens on -current ;)

> > Tests? Comments? OK?
>
> Looks good to me - ok jsing@.

Thanks, I'm going to wait a few more days to let people test it.

Cheers,
Daniel
