From 7e461c74c3ec2d9ae8dbff7bbe6c88fd6beef5ee Mon Sep 17 00:00:00 2001
From: reyk <>
Date: Fri, 12 Dec 2014 10:05:09 +0000
Subject: [PATCH] Change the keyword "ssl" to "tls" to reflect reality since we effectively disabled support for the SSL protocols. SSL remains a common term describing SSL/TLS, there is some controvery about this change, and the name really doesn't matter, but I feel confident about it now. (btw., sthen@ pointed out some historical context: http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html) OK benno@, with input from tedu@
---
 src/etc/examples/relayd.conf | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/etc/examples/relayd.conf b/src/etc/examples/relayd.conf
index 4de1d27c..f9e56d37 100644
--- a/src/etc/examples/relayd.conf
+++ b/src/etc/examples/relayd.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: relayd.conf,v 1.2 2014/10/21 02:29:54 lteo Exp $
+# $OpenBSD: relayd.conf,v 1.3 2014/12/12 10:05:09 reyk Exp $
 #
 # Macros
 #
@@ -34,9 +34,9 @@ redirect www {
 }
 #
-# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
+# Relay and protocol for HTTP layer 7 loadbalancing and SSL/TLS acceleration
 #
-http protocol httpssl {
+http protocol https {
 match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
 match request header append "X-Forwarded-By" \
 value "$SERVER_ADDR:$SERVER_PORT"
@@ -45,14 +45,14 @@ http protocol httpssl {
 # Various TCP performance options
 tcp { nodelay, sack, socket buffer 65536, backlog 128 }
-# ssl { no tlsv1.0, ciphers HIGH }
-# ssl session cache disable
+# tls { no tlsv1.0, ciphers HIGH }
+# tls session cache disable
 }
-relay wwwssl {
- # Run as a SSL accelerator
- listen on $ext_addr port 443 ssl
- protocol httpssl
+relay wwwtls {
+ # Run as a SSL/TLS accelerator
+ listen on $ext_addr port 443 tls
+ protocol https
 # Forward to hosts in the webhosts table using a src/dst hash
 forward to port http mode loadbalance \