haproxy/reg-tests/ssl
Remi Tricot-Le Breton 1d6338ea96 MEDIUM: ssl: Disable DHE ciphers by default
DHE ciphers do not present a security risk if the key is big enough but
they are slow and mostly obsoleted by ECDHE. This patch removes any
default DH parameters. This will effectively disable all DHE ciphers
unless a global ssl-dh-param-file is defined, or
tune.ssl.default-dh-param is set, or a frontend has DH parameters
included in its PEM certificate. In this latter case, only the frontends
that have DH parameters will have DHE ciphers enabled.
Explicitly adding a DHE cipher in a "bind" line will not be enough to
actually enable DHE. We would still need to know which DH parameters to
use so one of the three conditions described above must be met.

This request was described in GitHub issue #1604.
2022-04-20 17:30:55 +02:00
generate_certificates REGTESTS: ssl: Add test for "generate-certificates" SSL option 2022-02-09 12:10:32 +01:00
add_ssl_crt-list.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
ca-auth.crt REGTEST: ssl: test the client certificate authentication 2020-04-28 22:04:13 +02:00
cert1-example.com.pem.ecdsa REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021-04-02 15:47:17 +02:00
cert1-example.com.pem.rsa REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021-04-02 15:47:17 +02:00
cert2-example.com.pem.ecdsa REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021-04-02 15:47:17 +02:00
cert2-example.com.pem.rsa REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021-04-02 15:47:17 +02:00
client.ecdsa.pem REGTESTS: ssl: Add test for "curves" and "ecdhe" SSL options 2022-02-09 11:15:44 +01:00
client1.pem MINOR: ssl: add ssl_{c,s}_chain_der fetch methods 2020-08-07 15:38:40 +02:00
client2_expired.pem REGTEST: ssl: test the client certificate authentication 2020-04-28 22:04:13 +02:00
client3_revoked.pem REGTEST: ssl: test the client certificate authentication 2020-04-28 22:04:13 +02:00
common.4096.dh REGTESTS: ssl: Add tests for DH related options 2022-02-14 10:07:14 +01:00
common.crt REGTEST: ssl: test "set ssl cert" with separate key / crt 2020-10-23 18:41:08 +02:00
common.key REGTEST: ssl: test "set ssl cert" with separate key / crt 2020-10-23 18:41:08 +02:00
common.pem MINOR: ssl: add ssl_{c,s}_chain_der fetch methods 2020-08-07 15:38:40 +02:00
crl-auth.pem REGTEST: ssl: test the client certificate authentication 2020-04-28 22:04:13 +02:00
del_ssl_crt-list.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
dynamic_server_ssl.vtc MEDIUM: server: remove experimental-mode for dynamic servers 2022-03-11 14:28:28 +01:00
ecdsa.crt REGTEST: ssl: test "set ssl cert" with separate key / crt 2020-10-23 18:41:08 +02:00
ecdsa.key REGTEST: ssl: test "set ssl cert" with separate key / crt 2020-10-23 18:41:08 +02:00
ecdsa.pem REGTEST: ssl: test the "set ssl cert" CLI command 2019-12-19 13:51:38 +01:00
filters.crt-list REGTEST: ssl: test wildcard and multi-type + exclusions 2020-11-06 14:59:36 +01:00
interCA1_crl.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
interCA1_crl_empty.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
interCA2_crl.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
interCA2_crl_empty.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
localhost.crt-list REGTEST: ssl: pollute the crt-list file 2020-04-01 20:10:53 +02:00
new_del_ssl_cafile.vtc REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check 2021-12-10 16:16:02 +01:00
new_del_ssl_crlfile.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
README MINOR: reg-tests: Add a few regression testing files. 2018-06-20 10:03:24 +02:00
rootCA_crl.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
set_cafile_client.pem REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_cafile_interCA1.crt REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_cafile_interCA2.crt REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_cafile_rootCA.crt REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_cafile_server.pem REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_default_cert.crt-list BUG/MINOR: ssl: Fix update of default certificate 2021-03-26 13:06:29 +01:00
set_default_cert.pem BUG/MINOR: ssl: Fix update of default certificate 2021-03-26 13:06:29 +01:00
set_ssl_cafile.vtc REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check 2021-12-10 16:16:02 +01:00
set_ssl_cert.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
set_ssl_cert_bundle.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
set_ssl_cert_noext.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
set_ssl_crlfile.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
set_ssl_server_cert.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
show_ocsp_server.pem REGTESTS: ssl: Add "show ssl ocsp-response" test 2021-06-10 16:44:11 +02:00
show_ocsp_server.pem.issuer REGTESTS: ssl: Add "show ssl ocsp-response" test 2021-06-10 16:44:11 +02:00
show_ocsp_server.pem.ocsp REGTESTS: ssl: Add "show ssl ocsp-response" test 2021-06-10 16:44:11 +02:00
show_ocsp_server.pem.ocsp.revoked REGTESTS: ssl: Add "show ssl ocsp-response" test 2021-06-10 16:44:11 +02:00
show_ssl_ocspresponse.vtc REGTESTS: ssl: skip show_ssl_ocspresponse.vtc when BoringSSL is used 2022-02-02 17:48:02 +01:00
simple.crt-list BUG/MEDIUM: ssl/crt-list: correctly insert crt-list line if crt already loaded 2020-11-06 16:39:39 +01:00
ssl_client_auth.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
ssl_client_samples.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
ssl_crt-list_filters.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
ssl_curves.vtc REGTESTS: ssl: Add test for "curves" and "ecdhe" SSL options 2022-02-09 11:15:44 +01:00
ssl_default_server.vtc REGTESTS: ssl: fix ssl_default_server.vtc 2021-12-29 18:20:19 +01:00
ssl_dh.vtc MEDIUM: ssl: Disable DHE ciphers by default 2022-04-20 17:30:55 +02:00
ssl_errors.vtc REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2 2022-01-11 20:02:37 +01:00
ssl_frontend_samples.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
ssl_generate_certificate.vtc REGTESTS: ssl: Add test for "generate-certificates" SSL option 2022-02-09 12:10:32 +01:00
ssl_reuse.vtc REGTESTS: ssl: test the TLS resumption 2021-11-19 04:07:07 +01:00
ssl_server_samples.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
ssl_simple_crt-list.vtc REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
wrong_ctx_storage.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00

File list:
 - common.pem: PEM file which may be used by most of the VTC files.