authorJulien Vehent <julien@linuxwall.info>2015-04-14 09:27:19 -0400
committerJulien Vehent <julien@linuxwall.info>2015-04-14 09:27:19 -0400
commitfec87a74b1937abe613d09bf721a99340e569de3 (patch)
tree36ed3f8ed8fd5dbd6acae0501eaa13ca0ab1aea6
parent9a6f496d233d1615738d8174dac96c154225eaa9 (diff)
parent6f44769a34bb980dab9ea79075092741a9060848 (diff)
Merge pull request #47 from mozilla/dh-param-for-old-profile
Max DH Key size is constrained by Java support
-rw-r--r--ssl-config-generator/index.html10
1 files changed, 9 insertions, 1 deletions
diff --git a/ssl-config-generator/index.html b/ssl-config-generator/index.html
index 30566f8..d34d115 100644
--- a/ssl-config-generator/index.html
+++ b/ssl-config-generator/index.html
@@ -98,7 +98,7 @@ server {
<pre style="visibility: {{visibility}};">
global
# set default parameters to the {{securityProfile}} configuration
- tune.ssl.default-dh-param 2048
+ tune.ssl.default-dh-param {{maxDHKeySize}}
ssl-default-bind-ciphers {{cipherSuites}}
frontend ft_test
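Review bot: The generated HAProxy output gives no sign that `tune.ssl.default-dh-param` now depends on the profile, so anyone copying the intermediate or old configuration gets 1024-bit DHE parameters without being told. DH groups of that size are generally considered too weak against well-resourced attackers, so the trade-off belongs in the emitted text. Directly above the directive I would emit a line such as `# DH size is capped for the oldest clients in this profile; raise it to 2048 or more if you do not serve them`. The values themselves come from the `maxDHKeySize` map added in the second hunk.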
@@ -138,6 +138,13 @@ frontend ft_test
old: 'Windows XP IE6, Java 6'
};
+ // http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#tune.ssl.default-dh-param
+ var maxDHKeySize = {
+ modern: '2048',
+ intermediate: '1024',
+ old: '1024'
+ };
+
function getVersionConstrainedDirectives(data) {
switch (data.server) {
case "nginx":
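Review bot: The comment above `maxDHKeySize` is only a link to the HAProxy directive, and the reason for `'1024'` on `intermediate` and `old` (the Java limit named in the commit title) appears nowhere in the code. A later reader could take 1024 for an oversight or for a recommended size. I would add `// Java 6 and 7 clients fail the handshake with DH parameters above 1024 bits, so profiles that list them stay at 1024` above the map. Whether the intermediate client list really includes such a Java version is not visible in this hunk and should be confirmed, because otherwise intermediate could keep 2048.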
@@ -245,6 +252,7 @@ frontend ft_test
jQuery.extend(data, {
sslProtocols: sslProtocols[data.securityProfile][data.server],
cipherSuites: cipherSuites[data.securityProfile],
+ maxDHKeySize: maxDHKeySize[data.securityProfile],
clientList: clientList[data.securityProfile],
queryString: $.param({
server: $("div#server-list input:radio:checked").val() + "-" + $("#server-version").val(),