Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / f5da49392a96083e56a21cf3fd57c935b40d8aee^! / . / doc
commitf5da49392a96083e56a21cf3fd57c935b40d8aee[log] [tgz]
authorEmeric Brun <ebrun@exceliance.fr>Fri Sep 28 19:42:54 2012 +0200
committerWilly Tarreau <w@1wt.eu>Tue Oct 02 08:34:38 2012 +0200
tree7fdfa985333e988ac1b57b98b8468565ee43ccea
parentc0ff4924c0aedb9d91490b5ee52ee601ca9c2884 [diff]
DOC: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'.

This applies both to "bind" and "server" statements.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 72c013a..409f1ba 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -6897,12 +6897,24 @@
   SSL is supported. Note that SSLv2 is forced disabled in the code and cannot
   be enabled using any configuration option.
 
-notlsv1
+notlsv10
   This setting is only available when support for OpenSSL was built in. It
-  disables support for TLSv1 on any sockets instanciated from the listener when
+  disables support for TLSv10 on any sockets instanciated from the listener when
   SSL is supported. Note that SSLv2 is forced disabled in the code and cannot
   be enabled using any configuration option.
 
+notlsv11
+  This setting is only available when support for OpenSSL was built in. It
+  disables support for TLSv11 on any sockets instanciated from the listener when
+  SSL is supported. Note that SSLv2 is forced disabled in the code and cannot
+  be enabled using any configuration option.
+
+notlsv12
+  This setting is only available when support for OpenSSL was built in. It
+  disables support for TLSv12 on any sockets instanciated from the listener when
+  SSL is supported. Note that SSLv2 is forced disabled in the code and cannot
+  be enabled using any configuration option.
+
 prefer-server-ciphers
   This setting is only available when support for OpenSSL was built in. It
   tells the SSL/TLS layer that our set of cipher algorithms is preferred over
@@ -7126,8 +7138,20 @@
   the server. Note that SSLv2 is disabled in the code and cannot be enabled
   using any configuration option.
 
+notlsv10
+  This option disables support for TLSv10 when SSL is used to communicate with
+  the server. Note that SSLv2 is disabled in the code and cannot be enabled
+  using any configuration option. TLSv1 is more expensive than SSLv3 so it
+  often makes sense to disable it when communicating with local servers.
+
+notlsv11
+  This option disables support for TLSv11 when SSL is used to communicate with
+  the server. Note that SSLv2 is disabled in the code and cannot be enabled
+  using any configuration option. TLSv1 is more expensive than SSLv3 so it
+  often makes sense to disable it when communicating with local servers.
+
-notlsv1
-  This option disables support for TLSv1 when SSL is used to communicate with
+notlsv12
+  This option disables support for TLSv12 when SSL is used to communicate with
   the server. Note that SSLv2 is disabled in the code and cannot be enabled
   using any configuration option. TLSv1 is more expensive than SSLv3 so it
   often makes sense to disable it when communicating with local servers.