Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-30 Thread William Lallemand
On Sat, May 30, 2020 at 04:19:02PM -0400, Joseph C. Sible wrote:
> On Sat, May 30, 2020 at 4:15 PM William Lallemand
> wrote:
> >
> > On Sat, May 30, 2020 at 03:41:51PM -0400, Joseph C. Sible wrote:
> > > Anyway, when max < TLSv1.2, I think we should make min default to max.
> > > I think this is

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-30 Thread Joseph C. Sible
On Sat, May 30, 2020 at 4:15 PM William Lallemand wrote:
>
> On Sat, May 30, 2020 at 03:41:51PM -0400, Joseph C. Sible wrote:
> > Anyway, when max < TLSv1.2, I think we should make min default to max.
> > I think this is what you mean by "fallback on min = max", but I'm not
> > 100% sure.
> >

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-30 Thread William Lallemand
On Sat, May 30, 2020 at 03:41:51PM -0400, Joseph C. Sible wrote:
> Anyway, when max < TLSv1.2, I think we should make min default to max.
> I think this is what you mean by "fallback on min = max", but I'm not
> 100% sure.

That's exactly what I meant!

> I don't mind the warning (since servers

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-30 Thread Joseph C. Sible
On Sat, May 30, 2020 at 3:22 PM William Lallemand wrote:
>
> On Sat, May 30, 2020 at 08:41:04PM +0200, William Lallemand wrote:
> > On Sat, May 30, 2020 at 02:04:56PM -0400, Joseph C. Sible wrote:
> > >
> > > I'm happy about this change, but I notice a flaw in its
> > > implementation: it looks

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-30 Thread William Lallemand
On Sat, May 30, 2020 at 08:41:04PM +0200, William Lallemand wrote:
> On Sat, May 30, 2020 at 02:04:56PM -0400, Joseph C. Sible wrote:
> > > Thanks for the feedback, I made the change and pushed it in the master.
> > >
> >
> > I'm happy about this change, but I notice a flaw in its
> >

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-30 Thread William Lallemand
On Sat, May 30, 2020 at 02:04:56PM -0400, Joseph C. Sible wrote:
> > Thanks for the feedback, I made the change and pushed it in the master.
> >
>
> I'm happy about this change, but I notice a flaw in its
> implementation: it looks like servers that specify "ssl-max-ver
> TLSv1.0" or

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-30 Thread Joseph C. Sible
On Fri, May 29, 2020 at 3:09 AM William Lallemand wrote:
>
> On Wed, May 27, 2020 at 12:40:54PM +0200, William Lallemand wrote:
> > Hello List,
> >
> > Since HAProxy 1.8, the minimum default TLS version for bind lines is
> > TLSv10. I was thinking to increase this minimum default to TLSv11 before

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-29 Thread William Lallemand
On Fri, May 29, 2020 at 11:35:42AM +0200, William Dauchy wrote:
> On Wed, May 27, 2020 at 12:42 PM William Lallemand
> wrote:
> > So in my opinion we should do the same, and set the minimum version to
> > TLSv12 by default on bind lines. It's still configurable with
> > min-ssl-ver if you want

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-29 Thread William Dauchy
On Wed, May 27, 2020 at 12:42 PM William Lallemand wrote:
> So in my opinion we should do the same, and set the minimum version to
> TLSv12 by default on bind lines. It's still configurable with
> min-ssl-ver if you want the support for prior TLS versions.
> Does anybody have any objections?

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-29 Thread William Lallemand
On Fri, May 29, 2020 at 12:58:41PM +0500, Илья Шипицин wrote:
> btw, what is the minimal supported openssl version? 0.9.7? how will that work
> on it?
>

I honestly haven't compiled with 0.9.7 for a while; it's quite old. Even on RHEL5 there is a 0.9.8 version, and the EOL of the extended support of

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-29 Thread Илья Шипицин
btw, what is the minimal supported openssl version? 0.9.7? how will that work on it?

Fri, 29 May 2020 at 12:11, William Lallemand :
> On Wed, May 27, 2020 at 12:40:54PM +0200, William Lallemand wrote:
> > Hello List,
> >
> > Since HAProxy 1.8, the minimum default TLS version for bind lines is
>

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-29 Thread William Lallemand
On Wed, May 27, 2020 at 12:40:54PM +0200, William Lallemand wrote: > Hello List, > > Since HAProxy 1.8, the minimum default TLS version for bind lines is > TLSv10. I was thinking to increase this minimum default to TLSv11 before > the 2.2 release. But when we discussed the other day about the DH

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-27 Thread Lukas Tribus
Hello,

On Wed, 27 May 2020 at 13:33, Илья Шипицин wrote:
> Wed, 27 May 2020 at 16:09, Tim Düsterhus :
>>
>> William,
>>
>> On 27.05.20 at 12:40 William Lallemand wrote:
>> > Hello List,
>> >
>> > Since HAProxy 1.8, the minimum default TLS version for bind lines is
>> > TLSv10. I was thinking

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-27 Thread Tim Düsterhus
Ilya,

On 27.05.20 at 13:33 Илья Шипицин wrote:
>> As a data point:
>>
>> The OpenSSL shipped with Debian Buster does not support anything below
>> TLS 1.2 by default [1]. The same is true starting with Ubuntu 20.04 LTS.
>>
>
> I know several real-world cases when people had to build their

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-27 Thread Julien Pivotto
On 27 May 12:40, William Lallemand wrote:
> Hello List,
>
> Since HAProxy 1.8, the minimum default TLS version for bind lines is
> TLSv10. I was thinking to increase this minimum default to TLSv11 before
> the 2.2 release. But when we discussed the other day about the DH
> param set to 2048 by

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-27 Thread Илья Шипицин
Wed, 27 May 2020 at 16:09, Tim Düsterhus :
> William,
>
> On 27.05.20 at 12:40 William Lallemand wrote:
> > Hello List,
> >
> > Since HAProxy 1.8, the minimum default TLS version for bind lines is
> > TLSv10. I was thinking to increase this minimum default to TLSv11 before
> > the 2.2 release.

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-27 Thread Tim Düsterhus
William,

On 27.05.20 at 12:40 William Lallemand wrote:
> Hello List,
>
> Since HAProxy 1.8, the minimum default TLS version for bind lines is
> TLSv10. I was thinking to increase this minimum default to TLSv11 before
> the 2.2 release. But when we discussed the other day about the DH
> param

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-27 Thread Илья Шипицин
As a person running a pretty large load balancer installation, I confirm there are a lot of usages of TLS10. For example, depending on the .net version, the default setting might be TLS1.0 if you run .net 4.5. The ability to turn TLS1.0 without a recompile is a must-have. I'm not even sure about

RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-27 Thread William Lallemand
Hello List,

Since HAProxy 1.8, the minimum default TLS version for bind lines is TLSv10. I was thinking to increase this minimum default to TLSv11 before the 2.2 release. But when we discussed the other day about the DH param set to 2048 by default, I read that RHEL 8 was also disabling TLSv11 by
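As an added example, not taken from the thread or from HAProxy's own sources, here is the kind of configuration the proposal touches. The proposed 2.2 default of TLSv1.2 on bind lines is written out explicitly in the global section so it survives on older releases; one legacy listener is deliberately opened back up to TLSv1.0 with ssl-min-ver (the keyword is ssl-min-ver, the spelling min-ssl-ver above is reversed); and the corner case Joseph raises, a bind line that only sets ssl-max-ver TLSv1.0, is written with an explicit ssl-min-ver so the result does not depend on how the implementation resolves the default. Hostnames, ports, backend address and certificate paths are placeholders.

```haproxy
global
    # Explicit floor matching the proposed 2.2 default for bind lines.
    # A per-bind ssl-min-ver / ssl-max-ver still overrides this.
    ssl-default-bind-options ssl-min-ver TLSv1.2
    # The DH parameter size discussed alongside this change.
    tune.ssl.default-dh-param 2048

frontend fe_modern
    # Inherits the TLSv1.2 minimum from the global default.
    bind :443 ssl crt /etc/haproxy/certs/example.pem
    default_backend be_app

frontend fe_legacy
    # Deliberate exception for clients that cannot negotiate TLS 1.2
    # (the .NET 4.5 default mentioned in the thread). Kept on its own
    # listener so the exception is visible and auditable.
    bind :8443 ssl crt /etc/haproxy/certs/legacy.pem ssl-min-ver TLSv1.0
    default_backend be_app

frontend fe_capped
    # The corner case from the thread: ssl-max-ver below the default
    # minimum. Setting ssl-min-ver explicitly avoids relying on the
    # fallback (min = max) and its warning.
    bind :9443 ssl crt /etc/haproxy/certs/legacy.pem ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.0
    default_backend be_app

backend be_app
    server app1 10.0.0.10:8080 check
```

Check the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading, then confirm the floor from a client: `openssl s_client -connect host:443 -tls1_1` should fail the handshake against fe_modern while `-tls1_2` succeeds. One caveat from the thread itself: on distributions whose OpenSSL already refuses anything below TLS 1.2 at the library level (Tim's Debian Buster and Ubuntu 20.04 data point), the fe_legacy and fe_capped listeners will not actually accept TLS 1.0 no matter what the bind line says.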