Browse Source

Change the keyword "ssl" to "tls" to reflect reality since we

effectively disabled support for the SSL protocols.  SSL remains a
common term describing SSL/TLS, there is some controvery about this
change, and the name really doesn't matter, but I feel confident about
it now.
(btw., sthen@ pointed out some historical context:
http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html)
OK benno@, with input from tedu@
OPENBSD_5_7
reyk 10 years ago
parent
commit
7e461c74c3
1 changed files with 9 additions and 9 deletions
  1. +9
    -9
      src/etc/examples/relayd.conf

+ 9
- 9
src/etc/examples/relayd.conf View File

@ -1,4 +1,4 @@
# $OpenBSD: relayd.conf,v 1.2 2014/10/21 02:29:54 lteo Exp $
# $OpenBSD: relayd.conf,v 1.3 2014/12/12 10:05:09 reyk Exp $
#
# Macros
#
@ -34,9 +34,9 @@ redirect www {
}
#
# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
# Relay and protocol for HTTP layer 7 loadbalancing and SSL/TLS acceleration
#
http protocol httpssl {
http protocol https {
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" \
value "$SERVER_ADDR:$SERVER_PORT"
@ -45,14 +45,14 @@ http protocol httpssl {
# Various TCP performance options
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# ssl { no tlsv1.0, ciphers HIGH }
# ssl session cache disable
# tls { no tlsv1.0, ciphers HIGH }
# tls session cache disable
}
relay wwwssl {
# Run as a SSL accelerator
listen on $ext_addr port 443 ssl
protocol httpssl
relay wwwtls {
# Run as a SSL/TLS accelerator
listen on $ext_addr port 443 tls
protocol https
# Forward to hosts in the webhosts table using a src/dst hash
forward to <webhosts> port http mode loadbalance \


Loading…
Cancel
Save