Re: [PATCH] support Openssl 1.1.1 early callback API for HS

2017-09-04 Thread Emmanuel Hocdet
link on openssl 1.1.1 API doc: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_early_cb.html NOTES […] "It is also recommended that applications utilize an early callback and not use a servername callback, in order to avoid unexpected behavior that occurs due to the relative order of

[PATCH] support Openssl 1.1.1 early callback API for HS

2017-09-04 Thread Emmanuel Hocdet
Hi Emeric, Christopher If you can review when you have time. (3) for Christopher. This patches allows to support native multicert selection (RSA/ECDSA) and ssl-min-ver/ ssl-max-ver per certificat with openssl 1.1.1 (boringssl is the only one to support this until this patch). patches: 1) Conver

Re: [PATCH] MINOR: ssl: rework smp_fetch_ssl_fc_cl_str without internal ssl use

2017-09-04 Thread Emeric Brun
Hi Thierry, On 09/01/2017 06:07 PM, Emmanuel Hocdet wrote: > Hi Thierry, > > This patch is related to « Capturing browser TLS cipher suites » thread. > I think it will be match the initial need but without internal ssl structure > usage and. > work with openssl 1.0.2 to 1.1.1 and boringssl. > >

Re: [PATCH] MINOR: ssl: remove duplicate ssl_methods in struct bind_conf

2017-09-04 Thread Emeric Brun
On 08/09/2017 07:07 PM, Emmanuel Hocdet wrote: > Hi Willy, > > Patch is not related to openssl version x. It’s a internal structure cleanup. > I don’t label it as CLEANUP because it remove a potential source of errors > (this is debatable). > If you can consider it. > > Thanks. > Manu > > >

[PATCH] BUG/MEDIUM: http: Fix a regression bug when a HTTP response is in TUNNEL mode

2017-09-04 Thread Christopher Faulet
Hi all, Finally I reworked my previous patch. This one should fix the bug, without side effect (AFAIK). It fixes slowdowns experienced on 1.7.9 for HTTP responses with undefined body length when the compression is enabled. -- Christopher Faulet >From c42035858a58786c296ae3cf3c2420e4fe82aad0 M

Re: Kernel TLS for http/2

2017-09-04 Thread Aleksandar Lazic
Hi Aleksandar Lazic, Aleksandar Lazic wrote on 04.09.2017: > Hi, > Have anyone seen KTLS also? > https://lwn.net/Articles/666509/ > https://netdevconf.org/1.2/papers/ktls.pdf > looks pretty interesting. In the slides is haproxy mentioned ;-) https://github.com/ktls/af_ktls => Feb 5th 2017,

Kernel TLS for http/2

2017-09-04 Thread Aleksandar Lazic
Hi, Have anyone seen KTLS also? https://lwn.net/Articles/666509/ https://netdevconf.org/1.2/papers/ktls.pdf looks pretty interesting. -- Best Regards Aleks