Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / e566ecbea88ec1166faafc6a4b121f3ec08a7853
commite566ecbea88ec1166faafc6a4b121f3ec08a7853[log] [tgz]
authorDavid BERARD <contact@davidberard.fr>Tue Sep 04 15:15:13 2012 +0200
committerWilly Tarreau <w@1wt.eu>Tue Sep 04 15:35:32 2012 +0200
tree6a9c46dd5f2756661cc917c42cb27c38296d4891
parentff9f7698fcefef66bceb1ec32a3da8b14947a594 [diff]
MEDIUM: ssl: add support for prefer-server-ciphers option

I wrote a small path to add the SSL_OP_CIPHER_SERVER_PREFERENCE OpenSSL option
to frontend, if the 'prefer-server-ciphers' keyword is set.

Example :
	bind 10.11.12.13 ssl /etc/haproxy/ssl/cert.pem ciphers RC4:HIGH:!aNULL:!MD5 prefer-server-ciphers

This option mitigate the effect of the BEAST Attack (as I understand), and it
equivalent to :
	- Apache HTTPd SSLHonorCipherOrder option.
	- Nginx ssl_prefer_server_ciphers option.

[WT: added a test for the support of the option]
2 files changed
tree: 6a9c46dd5f2756661cc917c42cb27c38296d4891
  1. contrib/
  2. doc/
  3. ebtree/
  4. examples/
  5. include/
  6. src/
  7. tests/
  8. .gitignore
  9. CHANGELOG
  10. LICENSE
  11. Makefile
  12. Makefile.bsd
  13. Makefile.osx
  14. README
  15. ROADMAP
  16. SUBVERS
  17. TODO
  18. VERDATE
  19. VERSION