On Tue, Jul 05, 2022 at 12:06:14PM +0500, Илья Шипицин wrote: > вт, 5 июл. 2022 г. в 11:56, William Lallemand <[email protected]>: > > > On Tue, Jul 05, 2022 at 11:15:25AM +0500, Илья Шипицин wrote: > > > I tried to run on Ubuntu 22.04, it is shipped with OpenSSL-3.0 and > > > SECLEVEL=2 by default (probably it is correct for RedHat 9 as well ?) > > > > > > test · chipitsine/haproxy@1d69992 (github.com) > > > < > > https://github.com/chipitsine/haproxy/runs/7163834085?check_suite_focus=true#step:16:602 > > > > > > > > > ssl - What could cause "dh key too small" error? - Stack Overflow > > > < > > https://stackoverflow.com/questions/61626206/what-could-cause-dh-key-too-small-error > > > > > > > > > if nobody minds, I'll add SECLEVEL=2 to CI. > > > shall we run *only* SECLEVEL=2 or shall we expand build matrix ? > > > > > > > That's not a good idea, this is supposed to be the default in a lot of > > distribution and this could hide a lot of problems. HAProxy must works > > with this default settings, the failing reg-test must be fixed instead. > > > > I mean "what to do after reg-test fix" (no question on that). > in order to prevent regression... >
Sorry I didn't get correctly what you wanted to do. Maybe we could add at least a 22.04 to the build. We could convert the whole matrix to 22.04 later, but we still need to test with OpenSSL 1.1.1, so we need reg-tests with the 1.1.1 built manually. -- William Lallemand
