projects / haproxy-2.3.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e1c722b) | patch
MEDIUM: ssl: ssl-min-ver and ssl-max-ver compatibility.
authorEmmanuel Hocdet <manu@gandi.net>
Fri, 5 May 2017 16:06:12 +0000 (18:06 +0200)
committerWilly Tarreau <w@1wt.eu>
Fri, 12 May 2017 13:49:05 +0000 (15:49 +0200)
commitabd323395fa528ad5c633fbe7180d9ccb2c26c64
treee833815f9fe71a0320f04a5cc58f502a8fbc24b6tree | snapshot
parente1c722b5e8e34a3e752bcc59fff88e8ebc384785commit | diff
MEDIUM: ssl: ssl-min-ver and ssl-max-ver compatibility.

In haproxy < 1.8, no-sslv3/no-tlsv1x are ignored when force-sslv3/force-tlsv1x
is used (without warning). With this patch, no-sslv3/no-tlsv1x are ignored when
ssl-min-ver or ssl-max-ver is used (with warning).
When all SSL/TLS versions are disable: generate an error, not a warning.
example: ssl-min-ver TLSV1.3 (or force-tlsv13) with a openssl <= 1.1.0.
src/ssl_sock.c diff | blob | history
haproxy-2.3 public tree. Stable production code.