Changed the Diffie Hellman parameter maximum size
This introduces the variable haproxy_ssl_dh_param. It sets the maximum size of the DH parameters used for generating the key in a DHE key exchange. Higher values increase CPU load but are more secure. This value is ignored if static DH params are given in the cert file. Change-Id: Idca02a8337fa3790ddfb849d9e2e87d60076c399
parent
88c948c455
commit
c9c6aa292b
@ -71,6 +71,7 @@ haproxy_bind_on_non_local: False
|
|||||||
|
|
||||||
## haproxy SSL
|
## haproxy SSL
|
||||||
haproxy_ssl: no
|
haproxy_ssl: no
|
||||||
|
haproxy_ssl_dh_param: 2048
|
||||||
haproxy_ssl_self_signed_regen: no
|
haproxy_ssl_self_signed_regen: no
|
||||||
haproxy_ssl_cert: /etc/ssl/certs/haproxy.cert
|
haproxy_ssl_cert: /etc/ssl/certs/haproxy.cert
|
||||||
haproxy_ssl_key: /etc/ssl/private/haproxy.key
|
haproxy_ssl_key: /etc/ssl/private/haproxy.key
|
||||||
|
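Review bot: The new default `haproxy_ssl_dh_param: 2048` is added without a comment, so someone overriding it in this defaults file gets no hint of what the number controls or where the safe floor is. I would put two comment lines above it: `# Max size in bits of the DH parameters used for DHE key exchange; ignored when the cert file carries static DH params.` and `# Do not set below 2048.` The commit message already explains the first part, but the defaults file is where deployers will look when they tune the value.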
@ -10,6 +10,7 @@ global
|
|||||||
maxconn 4096
|
maxconn 4096
|
||||||
tune.bufsize 384000
|
tune.bufsize 384000
|
||||||
stats socket /var/run/haproxy.stat level admin mode 600
|
stats socket /var/run/haproxy.stat level admin mode 600
|
||||||
|
{% if haproxy_ssl | bool %}tune.ssl.default-dh-param {{haproxy_ssl_dh_param}}{% endif %}
|
||||||
|
|
||||||
defaults
|
defaults
|
||||||
log global
|
log global
|
||||||
|
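Review bot: `{{haproxy_ssl_dh_param}}` on the added `tune.ssl.default-dh-param` line is rendered unchecked, so an override that is non-numeric or small (1024, say) lands in the `global` section as-is and either breaks the config or quietly weakens DHE. Since this looks like an Ansible role (the `| bool` filter), a pre-render `assert` task with `that: haproxy_ssl_dh_param | int >= 2048` would catch both cases before the template is written. The commit message notes that the setting is ignored when the cert file has static DH params, so it is also worth confirming that the deployed certificate bundles do not carry older, smaller parameters that would bypass this value.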