Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 6b77f49e789025c0781b28fc551cbe4eb9efceb8^! / . / doc / configuration.txt
commit6b77f49e789025c0781b28fc551cbe4eb9efceb8[log] [tgz]
authorOlivier Houchard <ohouchard@haproxy.com>Thu Nov 22 18:18:29 2018 +0100
committerWilly Tarreau <w@1wt.eu>Thu Nov 22 19:52:44 2018 +0100
tree1278eaaef5a4e30ce2100b2750581fd64931aaa9
parent201b9f4eb50fda988356422dbf2471f741d01fa6 [diff] [blame]
MEDIUM: ssl: Add ssl_bc_alpn and ssl_bc_npn sample fetches.

Add 2 new sample fetches, ssl_bc_alpn and ssl_bc_npn, that provides the
ALPN and the NPN for an outgoing connection.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 30ba032..6570a44 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -14956,6 +14956,17 @@
   Returns the symmetric cipher key size supported in bits when the outgoing
   connection was made over an SSL/TLS transport layer.
 
+ssl_bc_alpn : string
+  This extracts the Application Layer Protocol Negotiation field from an
+  outgoing connection made via a TLS transport layer.
+  The result is a string containing the protocol name negociated with the
+  server. The SSL library must have been built with support for TLS
+  extensions enabled (check haproxy -vv). Note that the TLS ALPN extension is
+  not advertised unless the "alpn" keyword on the "server" line specifies a
+  protocol list. Also, nothing forces the server to pick a protocol from this
+  list, any other one may be requested. The TLS ALPN extension is meant to
+  replace the TLS NPN extension. See also "ssl_bc_npn".
+
 ssl_bc_cipher : string
   Returns the name of the used cipher when the outgoing connection was made
   over an SSL/TLS transport layer.
@@ -14965,6 +14976,16 @@
   layer and the newly created SSL session was resumed using a cached
   session or a TLS ticket.
 
+ssl_bc_npn : string
+  This extracts the Next Protocol Negotiation field from an outgoing connection
+  made via a TLS transport layer. The result is a string containing the
+  protocol name negociated with the server . The SSL library must have been
+  built with support for TLS extensions enabled (check haproxy -vv). Note that
+  the TLS NPN extension is not advertised unless the "npn" keyword on the
+  "server" line specifies a protocol list. Also, nothing forces the server to
+  pick a protocol from this list, any other one may be used. Please note that
+  the TLS NPN extension was replaced with ALPN.
+
 ssl_bc_protocol : string
   Returns the name of the used protocol when the outgoing connection was made
   over an SSL/TLS transport layer.