
Commit efe8567

Merge pull request #275 from gstrauss/haproxy-ssl-min-ver
haproxy: prefer ssl-min-ver with haproxy 2.2+
2 parents e6dfcec + a43b2a3 commit efe8567


2 files changed

+4
-4
lines changed


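--- a/src/js/configs.js
+++ b/src/js/configs.js
@@ -81,7 +81,7 @@ module.exports = {
 },
 haproxy: {
 highlighter: 'nginx', // TODO: find better
-latestVersion: '2.1',
+latestVersion: '3.0',
 name: 'HAProxy',
 tls13: '1.8.0',
 },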

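--- a/src/templates/partials/haproxy.hbs
+++ b/src/templates/partials/haproxy.hbs
@@ -12,7 +12,7 @@ global
 ssl-default-bind-ciphersuites {{{join output.cipherSuites ":"}}}
 {{/if}}
 {{/if}}
-ssl-default-bind-options{{#if (minver "1.8.0" form.serverVersion)}}{{#unless output.serverPreferredOrder}} prefer-client-ciphers{{/unless}}{{/if}}{{#unless (includes "SSLv3" output.protocols)}} no-sslv3{{/unless}}{{#unless (includes "TLSv1" output.protocols)}} no-tlsv10{{/unless}}{{#unless (includes "TLSv1.1" output.protocols)}} no-tlsv11{{/unless}}{{#unless (includes "TLSv1.2" output.protocols)}} no-tlsv12{{/unless}} no-tls-tickets
+ssl-default-bind-options{{#if (minver "1.8.0" form.serverVersion)}}{{#unless output.serverPreferredOrder}} prefer-client-ciphers{{/unless}}{{/if}}{{#if (minver "2.2.0" form.serverVersion)}} ssl-min-ver {{#if (includes "TLSv1" output.protocols)}}TLSv1.0{{else}}{{output.protocols.[0]}}{{/if}}{{else}}{{#unless (includes "SSLv3" output.protocols)}} no-sslv3{{/unless}}{{#unless (includes "TLSv1" output.protocols)}} no-tlsv10{{/unless}}{{#unless (includes "TLSv1.1" output.protocols)}} no-tlsv11{{/unless}}{{#unless (includes "TLSv1.2" output.protocols)}} no-tlsv12{{/unless}}{{/if}} no-tls-tickets
 
 {{#if output.ciphers.length}}
 ssl-default-server-ciphers {{{join output.ciphers ":"}}}
@@ -22,7 +22,7 @@ global
 ssl-default-server-ciphersuites {{{join output.cipherSuites ":"}}}
 {{/if}}
 {{/if}}
-ssl-default-server-options{{#unless (includes "SSLv3" output.protocols)}} no-sslv3{{/unless}}{{#unless (includes "TLSv1" output.protocols)}} no-tlsv10{{/unless}}{{#unless (includes "TLSv1.1" output.protocols)}} no-tlsv11{{/unless}}{{#unless (includes "TLSv1.2" output.protocols)}} no-tlsv12{{/unless}} no-tls-tickets
+ssl-default-server-options{{#if (minver "2.2.0" form.serverVersion)}} ssl-min-ver {{#if (includes "TLSv1" output.protocols)}}TLSv1.0{{else}}{{output.protocols.[0]}}{{/if}}{{else}}{{#unless (includes "SSLv3" output.protocols)}} no-sslv3{{/unless}}{{#unless (includes "TLSv1" output.protocols)}} no-tlsv10{{/unless}}{{#unless (includes "TLSv1.1" output.protocols)}} no-tlsv11{{/unless}}{{#unless (includes "TLSv1.2" output.protocols)}} no-tlsv12{{/unless}}{{/if}} no-tls-tickets
 {{#if output.usesDhe}}
 
 {{#if (minver "1.6.0" form.serverVersion)}}
@@ -45,4 +45,4 @@ frontend ft_test
 {{/if}}
 {{else}}
 Sorry, TLS is not supported in this version of HAProxy.
-{{/if}}
+{{/if}}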
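Review bot: In the 2.2+ branch of `ssl-default-bind-options` (and identically in `ssl-default-server-options`), the protocol floor comes from `{{output.protocols.[0]}}`, so it is only correct if `output.protocols` is non-empty and ordered oldest-first, which nothing visible in this template shows or enforces. If the list were ever empty, the line would render `ssl-min-ver` with no value directly before `no-tls-tickets`; and because `ssl-min-ver` sets only a lower bound, a non-contiguous list would no longer get the per-version `no-tlsv1x` exclusions that the pre-2.2 branch still emits. I would record the assumption next to the directive, e.g. `{{!-- ssl-min-ver: assumes output.protocols is non-empty, contiguous and sorted oldest-first --}}`, and confirm it in the code that builds `output.protocols`. The `global` section these lines belong to starts and ends outside the hunks.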
