At first it rejected my config:
Oct 14 10:02:38 b haproxy[27966]: [ALERT] 286/100238 (27966) : parsing [/etc/haproxy/haproxy.cfg:22] : 'ssl-dh-param-file': unable to load DH parameters from file </etc/haproxy/ssl.cfg>.
Oct 14 10:02:38 b haproxy[27966]: [ALERT] 286/100238 (27966) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
Following the addition of the feature [1] I found [2]. From there I experimented with pem files.
# Create small DH parameter:
openssl dhparam -out /etc/haproxy/ssl.pem 1024
# Config haproxy to use that one in /etc/haproxy/haproxy.cfg:
ssl-dh-param-file /etc/haproxy/ssl.pem
But all of that seems like defining static DH params for haproxy.
And the key used in PFS is about an "ephemeral DH key", right?
I still struggle to convince haproxy to do what I want :-/
Everyone with more haproxy knowledge is welcome to give this a try ...
[1]: https://<email address hidden>/msg18086.html
[2]: https://www.openssl.org/docs/man1.0.2/man3/PEM_read_bio_DHparams.html