MINOR: ssl: support ssl-min-ver and ssl-max-ver with crt-list SSL/TLS version can be changed per certificat if and only if openssl lib support earlier callback on handshake and, of course, is implemented in haproxy. It's ok for BoringSSL. For Openssl, version 1.1.1 have such callback and could support it.

commit: df701a2adbc57670bb6fffd4744f5deae23d11e4 [log] [tgz]
author: Emmanuel Hocdet <manu@gandi.net> Thu May 18 12:46:50 2017 +0200
committer: Willy Tarreau <w@1wt.eu> Fri Jun 02 16:42:09 2017 +0200
tree: 06133607614475dcbc61cd285c8518c0f5110a02
parent: 4aa615ff6bc5803ff4835f9e7f662a3437a52fd9 [diff] [blame]
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 969734c..19c1132 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -10415,7 +10415,8 @@
         <crtfile> [\[<sslbindconf> ...\]] [[!]<snifilter> ...]
 
   sslbindconf support "npn", "alpn", "verify", "ca_file", "crl_file", "ecdhe",
-  "curves", "ciphers" configuration.
+  "curves", "ciphers" configuration. With BoringSSL "ssl-min-ver" and
+  "ssl-max-ver" are also supported.
   It override the configuration set in bind line for the certificate.
 
   Wildcards are supported in the SNI filter. Negative filter are also supported,
commit	df701a2adbc57670bb6fffd4744f5deae23d11e4	[log] [tgz]
author	Emmanuel Hocdet <manu@gandi.net>	Thu May 18 12:46:50 2017 +0200
committer	Willy Tarreau <w@1wt.eu>	Fri Jun 02 16:42:09 2017 +0200
tree	06133607614475dcbc61cd285c8518c0f5110a02
parent	4aa615ff6bc5803ff4835f9e7f662a3437a52fd9 [diff] [blame]