On 2017/6/12 15:14, Lukas Tribus wrote:
> Hello,
>
>
> On 12.06.2017 at 19:35, Patrick Hemmer wrote:
>> Would we be able to get a new sample which provides the SSL session
>> master-key?
>> This is so that when performing packet captures with ephemeral ciphers
>> (DHE), we can decrypt the
Hello,
On 12.06.2017 at 19:35, Patrick Hemmer wrote:
> Would we be able to get a new sample which provides the SSL session
> master-key?
> This is so that when performing packet captures with ephemeral ciphers
> (DHE), we can decrypt the traffic in the capture.
There is no master key. What you
Would we be able to get a new sample which provides the SSL session
master-key?
This is so that when performing packet captures with ephemeral ciphers
(DHE), we can decrypt the traffic in the capture.
-Patrick
Thanks for the explanation.
I think a parameter like ‘no-ca-names’ could do the job, or do you have a better
name?
Manu
> On 12 June 2017 at 14:32, Wolvers, Bas wrote:
>
> If you connect to a haproxy TLS server with CA names on (verify optional or
> required) part
In haproxy 1.8dev, the default certificate can now be optional.
This patch allows that.
Manu
0001-MEDIUM-ssl-allow-haproxy-to-start-without-default-ce.patch
Description: Binary data
> On 29 May 2017 at 11:09, Emmanuel Hocdet wrote:
>
>
> Hi Simos,
>
> The workaround is to
If you connect to a haproxy TLS server with CA names on (verify optional or
required) part of the server hello message is the list of CAs that are
accepted.
The client can use this list to decide which certificate to send as its client
certificate.
The problem arises when this list is long,
I don't understand.
CA certs are loaded by haproxy when needed: i.e. if the ‘ca-file’ parameter is used
and ‘verify’ is set to ‘optional’ or ‘required’.
> On 12 June 2017 at 13:00, Wolvers, Bas wrote:
>
> For setups with large amounts of CA certs it can be a really good
Hello,
Please explain to me the field Limit of Backend Sessions on the stats page.
The value there is always 200. I can't find any argument for changing it.
I used to use version 1.4 and it showed 0 for that limit.
I tried to send a lot of requests and Max Sessions on Backend was e.g. 900
but limit 200.
For setups with large amounts of CA certs it can be a really good idea to turn
off CA names in the key exchange.
As far as I understand it is optional to send CA names, and it works fine with
these turned off.
This is also called distinguished names.
To do this a single line should not be