Comment 16 for bug 1841936
Revision history for this message
| Christian Ehrhardt (paelzer) wrote Re: Rebuild haproxy with openssl 1.1.1 will change features (bionic) | #16 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
At first it rejected my config :
Oct 14 10:02:38 b haproxy[27966]: [ALERT] 286/100238 (27966) : parsing [/etc/haproxy/
Oct 14 10:02:38 b haproxy[27966]: [ALERT] 286/100238 (27966) : Error(s) found in configuration file : /etc/haproxy/
Following the addition of the feature [1] I found [2]. From there I experimented with pem files.
# Create small DH parameter:
openssl dhparam -out /etc/haproxy/
# Config haproxy to use that one in /etc/haproxy/
ssl-dh-param-file /etc/haproxy/
But all of that seems like defining static DH params for haproxy.
And the key used in PFS is about an "ephemeral DH key" right?
I still struggle to convince haproxy to do what I want :-/
Everyone with more haproxy knowledge is welcome to give this a try ...
[1]: https://<email address hidden>
[2]: https:/