forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path_tls_cipher_suites_haproxy.html.md.erb
More file actions
8 lines (8 loc) · 993 Bytes
/
_tls_cipher_suites_haproxy.html.md.erb
File metadata and controls
8 lines (8 loc) · 993 Bytes
1
2
3
4
5
6
7
8
In the **TLS Cipher Suites for HAProxy** field, review the TLS cipher suites for TLS handshakes between HAProxy and its clients such as load balancers and Gorouter. The default value for this field is the following:<br>
`DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384`
If you want to modify the default configuration,
use an ordered, colon-delimited list of TLS cipher suites in the OpenSSL format.
<br> Operators should verify that the ciphers are supported by any clients or front-end components that will initiate TLS handshakes with HAProxy.
<%= image_tag 'images/networking_tls_haproxy.png' %>
Verify that every client participating in TLS handshakes with HAProxy has at least one cipher suite in common with HAProxy.
<p class="note"><strong>Note</strong>: Specify cipher suites that are supported by the versions configured in the <strong>Minimum version of TLS supported by HAProxy and Router</strong> field.</p>