commit | abd323395fa528ad5c633fbe7180d9ccb2c26c64 | [log] [tgz] |
---|---|---|
author | Emmanuel Hocdet <manu@gandi.net> | Fri May 05 18:06:12 2017 +0200 |
committer | Willy Tarreau <w@1wt.eu> | Fri May 12 15:49:05 2017 +0200 |
tree | e833815f9fe71a0320f04a5cc58f502a8fbc24b6 | |
parent | e1c722b5e8e34a3e752bcc59fff88e8ebc384785 [diff] |
MEDIUM: ssl: ssl-min-ver and ssl-max-ver compatibility. In haproxy < 1.8, no-sslv3/no-tlsv1x are ignored when force-sslv3/force-tlsv1x is used (without warning). With this patch, no-sslv3/no-tlsv1x are ignored when ssl-min-ver or ssl-max-ver is used (with warning). When all SSL/TLS versions are disable: generate an error, not a warning. example: ssl-min-ver TLSV1.3 (or force-tlsv13) with a openssl <= 1.1.0.