haproxy ssl相关配置

ssl-default-bind-options [<option>]...
  This setting is only available when support for OpenSSL was built in. It sets
  default ssl-options to force on all "bind" lines. Please check the "bind"
  keyword to see available options.

  Example:
        global
           ssl-default-bind-options no-sslv3 no-tls-tickets
		   
		   
ssl-default-bind-options	


这个设置是只可用的当支持OpenSSL ,它设置  default ssl-options  为force 在所有的bind 项,

请检查 bind 关键字 来查看可用的选项:
  Example:
        global
           ssl-default-bind-options no-sslv3 no-tls-tickets
		   
force-sslv3
  This option enforces use of SSLv3 only on SSL connections instantiated from
  this listener. SSLv3 is generally less expensive than the TLS counterparts
  for high connection rates. This option is also available on global statement
  "ssl-default-bind-options". See also "no-tlsv*" and "no-sslv3".

force-tlsv10
  This option enforces use of TLSv1.0 only on SSL connections instantiated from
  this listener. This option is also available on global statement
  "ssl-default-bind-options". See also "no-tlsv*" and "no-sslv3".

force-tlsv11
  This option enforces use of TLSv1.1 only on SSL connections instantiated from
  this listener. This option is also available on global statement
  "ssl-default-bind-options". See also "no-tlsv*", and "no-sslv3".

force-tlsv12
  This option enforces use of TLSv1.2 only on SSL connections instantiated from
  this listener. This option is also available on global statement
  "ssl-default-bind-options". See also "no-tlsv*", and "no-sslv3".
  
  
  no-sslv3
  This option disables support for SSLv3 when SSL is used to communicate with
  the server. Note that SSLv2 is disabled in the code and cannot be enabled
  using any configuration option. See also "force-sslv3", "force-tlsv*".

  Supported in default-server: No
  
  
  no-sslv3 
  
  这个选项 关闭支持SSLV3 当SSL是用于和server通讯,
  
注意SSLv2 是在代码里关闭,不能使用任何配置选项来启用


  
  

posted @ 2016-03-07 11:00  czcb  阅读(915)  评论(0编辑  收藏  举报