On Thu, May 07, 2020 at 10:20:15AM +0200, Remi Gacogne wrote:
> Hello,
>
> On 5/7/20 12:01 AM, Lukas Tribus wrote:
> >> I'm fine with that, most people use at least a value of 2048 because of
> >> the warning, their modern distribution will probably deny a lower value,
> >> and we added this warning
Hello,
On 5/7/20 12:01 AM, Lukas Tribus wrote:
>> I'm fine with that, most people use at least a value of 2048 because of
>> the warning, their modern distribution will probably deny a lower value,
>> and we added this warning a long time ago.
>
> I agree, we should default to 2048 and remove warni
Hello,
On Wed, 6 May 2020 at 20:25, William Lallemand wrote:
> > As such I think it's about time we change the default value to 2048 and
> > get rid of this annoying warning before 2.2 gets released (and at the
> > same time 86% of the users will be able to remove one cryptic line in
> > their co
On Wed, May 06, 2020 at 08:25:06PM +0200, William Lallemand wrote:
> I recall a discussion where the default openssl.cnf in some distribution
> was denying a DH lower than 2048. You probably think about this one.
>
Found the commit related to this:
https://github.com/haproxy/haproxy/commit/a9363eb
On Wed, May 06, 2020 at 07:59:55PM +0200, Willy Tarreau wrote:
> Hi all,
>
> while running on a trivial test config in which I had enabled
> "zero-warning", my process refused to start due to the good old
> warning "Setting tune.ssl.default-dh-param to 1024 blah blah".
>
> I was almost certain we
On Wed, May 06, 2020 at 06:10:26PM +, Branitsky, Norman wrote:
> New RHEL 8 Crypto Configuration mentioned in:
>
> From: ???
> Sent: Wednesday, May 6, 2020 5:34 AM
> To: HAProxy
> Subject: running haproxy with predefined security policies on RHEL8 ?
>
> Hello,
...@haproxy.com; wlallem...@haproxy.com; remi.gaco...@powerdns.com
Subject: about Warning: Setting tune.ssl.default-dh-param to 1024
Hi all,
while running on a trivial test config in which I had enabled "zero-warning",
my process refused to start due to the good old warning "Setting
t
Hi all,
while running on a trivial test config in which I had enabled
"zero-warning", my process refused to start due to the good old
warning "Setting tune.ssl.default-dh-param to 1024 blah blah".
I was almost certain we discussed switching the default value
to 2048 for 2.0 or 2.1 but could
8 matches