projects / haproxy-2.1.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 749f5ca) | patch
BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites
authorPierre Cheynier <p.cheynier@criteo.com>
Thu, 21 Mar 2019 16:15:47 +0000 (16:15 +0000)
committerWilly Tarreau <w@1wt.eu>
Fri, 22 Mar 2019 16:24:14 +0000 (17:24 +0100)
commitbc34cd1de2ee80de63b5c4d319a501fc0d4ea2f5
tree1eb26c21c8fcf6cb8c00a30ee447a22574944a22tree | snapshot
parent749f5cab83e15594ea88f36fed16a806af824264commit | diff
BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites

Any attempt to put TLS 1.3 ciphers on servers failed with output 'unable
to set TLS 1.3 cipher suites'.

This was due to usage of SSL_CTX_set_cipher_list instead of
SSL_CTX_set_ciphersuites in the TLS 1.3 block (protected by
OPENSSL_VERSION_NUMBER >= 0x10101000L & so).

This should be backported to 1.9 and 1.8.

Signed-off-by: Pierre Cheynier <p.cheynier@criteo.com>
Reported-by: Damien Claisse <d.claisse@criteo.com>
Cc: Emeric Brun <ebrun@haproxy.com>
src/ssl_sock.c diff | blob | history
haproxy-2.1 public tree. Stable production code.