Perfect, thank you all. Classical choice between "upgrade" and "backport" now
On 29/06/2020 12:59, "Tim Düsterhus" wrote:
Stephane,
On 29.06.20 at 12:56, Stephane Martin (stepham2) wrote:
> Thank you for your quick answers!
>
> So I understand that it is possible
Stephane,
On 29.06.20 at 12:56, Stephane Martin (stepham2) wrote:
> Thank you for your quick answers!
>
> So I understand that it is possible for haproxy >= 2.1. For haproxy 2.0, got
> to backport the sha2 filter, right?
That is correct. I expect the commit I linked to apply pretty
Thank you for your quick answers!
So I understand that it is possible for haproxy >= 2.1. For haproxy 2.0, got to
backport the sha2 filter, right?
Stephane
On 29/06/2020 12:54, "Tim Düsterhus" wrote:
Jarno,
On 29.06.20 at 12:46, Jarno Huuskonen wrote:
>> The ssl_c_sha1
Jarno,
On 29.06.20 at 12:46, Jarno Huuskonen wrote:
>> The ssl_c_sha1 is simply a hash of the DER representation of the
>> certificate. So you can just hash it with the sha2 converter:
>>
>> ssl_c_sha256,sha2(256)
>
> I think the first fetch should be ssl_c_der?
> (ssl_c_der,sha2(256))
>
Hi,
On Mon, 2020-06-29 at 12:37 +0200, Tim Düsterhus wrote:
> Stephane,
>
> On 29.06.20 at 12:01, Stephane Martin (stepham2) wrote:
> > In haproxy documentation I don't see any option to work with the sha256
> > fingerprint of the peer certificate.
> >
> > - Is there any other way to get that
Hi,
On Mon, 2020-06-29 at 10:01 +, Stephane Martin (stepham2) wrote:
> Hello,
>
> I’m trying to set up TLS mutual authentication using pinned certificates in
> haproxy, i.e. only accept a precise known certificate from the peer.
>
> It is definitively possible using ACL and ssl_c_sha1, so
Stephane,
On 29.06.20 at 12:01, Stephane Martin (stepham2) wrote:
> In haproxy documentation I don't see any option to work with the sha256
> fingerprint of the peer certificate.
>
> - Is there any other way to get that?
Yes, see this commit message:
Hello,
I’m trying to set up TLS mutual authentication using pinned certificates in
haproxy, i.e. only accept a precise known certificate from the peer.
It is definitively possible using ACL and ssl_c_sha1, so that the route will
only be accessible if the peer certificate has the right SHA1