mirror/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git synced 2026-02-10 11:02:52 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e566ecbea88ec1166faafc6a4b121f3ec08a7853
haproxy/include/types
History
David BERARD e566ecbea8 MEDIUM: ssl: add support for prefer-server-ciphers option 
I wrote a small path to add the SSL_OP_CIPHER_SERVER_PREFERENCE OpenSSL option
to frontend, if the 'prefer-server-ciphers' keyword is set.

Example :
	bind 10.11.12.13 ssl /etc/haproxy/ssl/cert.pem ciphers RC4:HIGH:!aNULL:!MD5 prefer-server-ciphers

This option mitigate the effect of the BEAST Attack (as I understand), and it
equivalent to :
	- Apache HTTPd SSLHonorCipherOrder option.
	- Nginx ssl_prefer_server_ciphers option.

[WT: added a test for the support of the option]
2012-09-04 15:35:32 +02:00
..
acl.h
MEDIUM: acl: support IPv6 address matching
2012-05-08 21:28:14 +02:00
arg.h
REORG: buffers: split buffers into chunk,buffer,channel
2012-09-03 20:47:32 +02:00
auth.h
backend.h
BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set
2012-05-19 19:09:46 +02:00
capture.h
channel.h
CLEANUP: frontend: remove the old proxy protocol decoder
2012-09-03 20:47:35 +02:00
checks.h
MINOR: checks: add on-marked-up option
2012-06-03 23:48:42 +02:00
connection.h
MEDIUM: connection: add a new handshake flag for SSL (CO_FL_SSL_WAIT_HS).
2012-09-03 20:49:14 +02:00
counters.h
[MINOR] stats: report the number of requests intercepted by the frontend
2011-09-10 23:32:41 +02:00
fd.h
CLEANUP: includes: fix includes for a number of users of fd.h
2012-09-03 20:49:14 +02:00
freq_ctr.h
global.h
MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size.
2012-09-03 22:36:33 +02:00
hdr_idx.h
lb_chash.h
lb_fas.h
MEDIUM: backend: add the 'first' balancing algorithm
2012-02-21 22:27:27 +01:00
lb_fwlc.h
lb_fwrr.h
lb_map.h
log.h
REORG: buffers: split buffers into chunk,buffer,channel
2012-09-03 20:47:32 +02:00
peers.h
CLEANUP: connection: split sock_ops into data_ops, app_cp and si_ops
2012-09-03 20:47:31 +02:00
pipe.h
port_range.h
proto_http.h
REORG: buffers: split buffers into chunk,buffer,channel
2012-09-03 20:47:32 +02:00
proto_tcp.h
protocols.h
MEDIUM: ssl: add support for prefer-server-ciphers option
2012-09-04 15:35:32 +02:00
proxy.h
REORG: buffers: split buffers into chunk,buffer,channel
2012-09-03 20:47:32 +02:00
queue.h
sample.h
CLEANUP: includes: fix includes for a number of users of fd.h
2012-09-03 20:49:14 +02:00
server.h
MEDIUM: config: add "nosslv3" and "notlsv1" on bind and server lines
2012-09-03 23:55:16 +02:00
session.h
MAJOR: session: introduce embryonic sessions
2012-09-03 20:47:35 +02:00
signal.h
stick_table.h
[MEDIUM] IPv6 support for stick-tables
2011-03-29 01:09:14 +02:00
stream_interface.h
MEDIUM: stream_interface: remove CAP_SPLTCP/CAP_SPLICE flags
2012-09-03 20:47:34 +02:00
task.h
template.h