diff options
| -rw-r--r-- | ssl-config-generator/index.html | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/ssl-config-generator/index.html b/ssl-config-generator/index.html index 30566f8..d34d115 100644 --- a/ssl-config-generator/index.html +++ b/ssl-config-generator/index.html @@ -98,7 +98,7 @@ server { <pre style="visibility: {{visibility}};"> global # set default parameters to the {{securityProfile}} configuration - tune.ssl.default-dh-param 2048 + tune.ssl.default-dh-param {{maxDHKeySize}} ssl-default-bind-ciphers {{cipherSuites}} frontend ft_test @@ -138,6 +138,13 @@ frontend ft_test old: 'Windows XP IE6, Java 6' }; + // http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#tune.ssl.default-dh-param + var maxDHKeySize = { + modern: '2048', + intermediate: '1024', + old: '1024' + }; + function getVersionConstrainedDirectives(data) { switch (data.server) { case "nginx": @@ -245,6 +252,7 @@ frontend ft_test jQuery.extend(data, { sslProtocols: sslProtocols[data.securityProfile][data.server], cipherSuites: cipherSuites[data.securityProfile], + maxDHKeySize: maxDHKeySize[data.securityProfile], clientList: clientList[data.securityProfile], queryString: $.param({ server: $("div#server-list input:radio:checked").val() + "-" + $("#server-version").val(), |