f46cd6e4ec3ab1bc30d432e5fce358da5d545d12 - haproxy

commit	f46cd6e4ec3ab1bc30d432e5fce358da5d545d12	[log] [tgz]
author	Remi Gacogne <rgacogne[at]aquaray[dot]fr>	Thu Jun 12 14:58:40 2014 +0200
committer	Willy Tarreau <w@1wt.eu>	Thu Jun 12 16:12:23 2014 +0200
tree	fa565c395a66d09eaf2e03371aca293776f6d8a9
parent	b7f1cfc8463382fdb230b537bf297f1ce4854d49 [diff]

MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits

When no static DH parameters are specified, this patch makes haproxy
use standardized (rfc 2409 / rfc 3526) DH parameters with prime lenghts
of 1024, 2048, 4096 or 8192 bits for DHE key exchange. The size of the
temporary/ephemeral DH key is computed as the minimum of the RSA/DSA server
key size and the value of a new option named tune.ssl.default-dh-param.

doc/configuration.txt[diff]
include/common/defaults.h[diff]
include/types/global.h[diff]
src/cfgparse.c[diff]
src/haproxy.c[diff]
src/ssl_sock.c[diff]

6 files changed

tree: fa565c395a66d09eaf2e03371aca293776f6d8a9

contrib/
doc/
ebtree/
examples/
include/
src/
tests/
.gitignore
CHANGELOG
LICENSE
Makefile
README
ROADMAP
SUBVERS
TODO
VERDATE
VERSION