Hi Dominik,
On Thu, 2 May 2024 at 17:14, Froehlich, Dominik
wrote:
The closest I’ve gotten is the “curves” property:
https://docs.haproxy.org/2.8/configuration.html#5.1-curves
However, I think it only restricts the available elliptic curves in a ECDHE
handshake, but it does not prevent a TL
On Thu, 2 May 2024 at 19:50, Lukas Tribus wrote:
>
> On Thu, 2 May 2024 at 17:14, Froehlich, Dominik
> wrote:
> > The closest I’ve gotten is the “curves” property:
> > https://docs.haproxy.org/2.8/configuration.html#5.1-curves
> >
> > However, I think it only restricts the available elliptic cur
On Thu, 2 May 2024 at 17:14, Froehlich, Dominik
wrote:
> The closest I’ve gotten is the “curves” property:
> https://docs.haproxy.org/2.8/configuration.html#5.1-curves
>
> However, I think it only restricts the available elliptic curves in a ECDHE
> handshake, but it does not prevent a TLS 1.3 c
I'd try openssl.cnf
чт, 2 мая 2024 г. в 17:17, Froehlich, Dominik :
> Hello everyone,
>
>
>
> I’m hardening HAProxy for CVE-2002-20001 (DHEAT attack) at the moment.
>
>
>
> For TLS 1.2 I’m using the “tune.ssl.default-dh-param” option to limit the
> key size to 2048 bit so that an attacker can’t f
Hello everyone,
I’m hardening HAProxy for CVE-2002-20001 (DHEAT attack) at the moment.
For TLS 1.2 I’m using the “tune.ssl.default-dh-param” option to limit the key
size to 2048 bit so that an attacker can’t force huge keys and thus lots of CPU
cycles on the server.
However, I’ve noticed that
5 matches
Mail list logo
