From 51aa815ed0a53798ef56899daf5fd21bb8ceef81 Mon Sep 17 00:00:00 2001 From: PiBa-NL Date: Sat, 20 Jun 2015 16:05:29 +0200 Subject: haproxy-devel, dont send the root CA cert to clients when using ssl-offloading, its not needed. -cipher example and HSTS textual addition -another try to include lua for haproxy1.6dev package binary --- config/haproxy-devel/www/haproxy_listeners_edit.php | 3 ++- config/haproxy-devel/www/haproxy_pool_edit.php | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'config/haproxy-devel/www') diff --git a/config/haproxy-devel/www/haproxy_listeners_edit.php b/config/haproxy-devel/www/haproxy_listeners_edit.php index 5b726d08..6998e099 100644 --- a/config/haproxy-devel/www/haproxy_listeners_edit.php +++ b/config/haproxy-devel/www/haproxy_listeners_edit.php @@ -811,7 +811,8 @@ $primaryfrontends = get_haproxy_frontends($excludefrontend); />
NOTE: Paste additional ssl options(without commas) to include on ssl listening options.
- some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets + some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
+ Example: no-sslv3 ciphers EECDH+aRSA+AES:TLSv1+kRSA+AES:TLSv1+kRSA+3DES diff --git a/config/haproxy-devel/www/haproxy_pool_edit.php b/config/haproxy-devel/www/haproxy_pool_edit.php index 5e38b12d..0824e45c 100644 --- a/config/haproxy-devel/www/haproxy_pool_edit.php +++ b/config/haproxy-devel/www/haproxy_pool_edit.php @@ -961,7 +961,7 @@ set by the 'retries' parameter. Advanced - Strict-Transport-Security + HSTS Strict-Transport-Security When configured enables "HTTP Strict Transport Security" leave empty to disable. (only used on 'http' frontends)
WARNING! the domain will only work over https with a valid certificate!
-- cgit v1.2.3