From 608e6e7f65ddd2d00960e34888fd37cd4c214049 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Tue, 30 Jun 2020 16:11:36 +0200 Subject: [PATCH] DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list Support for "allow-0rtt" and "ciphersuites" exists for crt-list. Fix issue #721. Should be backported as far as 1.8. (cherry picked from commit 5d03639ba6fa9e7eee8af8fe489101de65d7f6f1) Signed-off-by: Christopher Faulet --- doc/configuration.txt | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 310c0a0..2f3fe0e 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -10986,10 +10986,11 @@ crt-list [\[ ...\]] [[!] ...] - sslbindconf support "npn", "alpn", "verify", "ca-file", "no-ca-names", - crl-file", "ecdhe", "curves", "ciphers" configuration. With BoringSSL - and Openssl >= 1.1.1 "ssl-min-ver" and "ssl-max-ver" are also supported. - It override the configuration set in bind line for the certificate. + sslbindconf supports "allow-0rtt", "alpn", "ca-file", "ciphers", + "ciphersuites", "crl-file", "curves", "ecdhe", "no-ca-names", "npn", + "verify" configuration. With BoringSSL and Openssl >= 1.1.1 + "ssl-min-ver" and "ssl-max-ver" are also supported. It overrides the + configuration set in bind line for the certificate. Wildcards are supported in the SNI filter. Negative filter are also supported, only useful in combination with a wildcard filter to exclude a particular SNI. -- 1.7.10.4