BUG/MEDIUM: ssl: Don't set the max early data we can receive too early.
When accepting the max early data, don't set it on the SSL_CTX while parsing
the configuration, as at this point global.tune.maxrewrite may still be -1,
either because it was not set, or because it hasn't been set yet. Instead,
set it for each connection, just after we created the new SSL.
Not doing so meant that we could pretend to accept early data bigger than one
of our buffer.
This should be backported to 2.1, 2.0, 1.9 and 1.8.
(cherry picked from commit
545989f37f56b47a52af410e5c41aa0531dd1ef3)
Signed-off-by: Willy Tarreau <w@1wt.eu>
projects / haproxy-2.1.git / commit