DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list
Support for "allow-0rtt" and "ciphersuites" exists for crt-list.
Fix issue #721.
Should be backported as far as 1.8.
(cherry picked from commit 5d03639ba6fa9e7eee8af8fe489101de65d7f6f1)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 608e6e7f65ddd2d00960e34888fd37cd4c214049)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/doc/configuration.txt b/doc/configuration.txt
index b5e37f7..3b6d56e 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -11609,10 +11609,11 @@
<crtfile> [\[<sslbindconf> ...\]] [[!]<snifilter> ...]
- sslbindconf support "npn", "alpn", "verify", "ca-file", "no-ca-names",
- crl-file", "ecdhe", "curves", "ciphers" configuration. With BoringSSL
- and Openssl >= 1.1.1 "ssl-min-ver" and "ssl-max-ver" are also supported.
- It override the configuration set in bind line for the certificate.
+ sslbindconf supports "allow-0rtt", "alpn", "ca-file", "ciphers",
+ "ciphersuites", "crl-file", "curves", "ecdhe", "no-ca-names", "npn",
+ "verify" configuration. With BoringSSL and Openssl >= 1.1.1
+ "ssl-min-ver" and "ssl-max-ver" are also supported. It overrides the
+ configuration set in bind line for the certificate.
Wildcards are supported in the SNI filter. Negative filter are also supported,
only useful in combination with a wildcard filter to exclude a particular SNI.