Hi William,

Thanks for the fast feedback!

On 13/11/2025 15:55, William Lallemand wrote:
> Thanks, that's a good point! However checking only OPENSSL_IS_AWSLC won't be
> enough, FIPS versions are LTS and are supported by HAProxy (especially
> AWS-LC-3.0.0), you could either check AWSLC_API_VERSION > 34 or the
> TLSEXT_nid_unknown constant which was added by the awslc patch.

Indeed I need to ensure the version is recent enough as the addition in AWS-LC is quite recent. I assumed users would be running recent versions as they're doing their own build anyway but didn't consider LTS. Oh, and I forgot to update the doc so there was a need for a patch v2 anyway :)

> Also note that we haven't supported BoringSSL for several years, I don't
> know if you've tried compiling with it but the build will likely fail.

I was adding support for BoringSSL to be nice as I saw they also added the feature, but I don't use it anyway so let's not add tech debt.

