|
2 | 2 | <html lang="en"> |
3 | 3 | <head> |
4 | 4 | <meta charset="utf-8" /> |
5 | | - <title>HAProxy version 3.4-dev3-12 - Configuration Manual</title> |
| 5 | + <title>HAProxy version 3.4-dev3-15 - Configuration Manual</title> |
6 | 6 | <link href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" /> |
7 | 7 | <link href="https://raw.githubusercontent.com/thomaspark/bootswatch/v3.3.7/cerulean/bootstrap.min.css" rel="stylesheet" /> |
8 | 8 | <link href="../css/page.css?0.4.2-15" rel="stylesheet" /> |
|
4578 | 4578 |
|
4579 | 4579 | <a class="list-group-item" href="#tune.ssl.capture-cipherlist-size">tune.ssl.capture-cipherlist-size</a> |
4580 | 4580 |
|
| 4581 | + <a class="list-group-item" href="#tune.ssl.certificate-compression">tune.ssl.certificate-compression</a> |
| 4582 | + |
4581 | 4583 | <a class="list-group-item" href="#tune.ssl.default-dh-param">tune.ssl.default-dh-param</a> |
4582 | 4584 |
|
4583 | 4585 | <a class="list-group-item" href="#tune.ssl.force-private-cache">tune.ssl.force-private-cache</a> |
|
4783 | 4785 | You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br> |
4784 | 4786 | </p> |
4785 | 4787 | <p class="text-right"> |
4786 | | - <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.4.2-15</b> on <b>2026/01/22</b></small> |
| 4788 | + <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.4.2-15</b> on <b>2026/01/27</b></small> |
4787 | 4789 | </p> |
4788 | 4790 | </div> |
4789 | 4791 | <!-- /.sidebar --> |
|
4794 | 4796 | <div class="text-center"> |
4795 | 4797 | <h1><a href="http://www.haproxy.org/" title="HAProxy"><img src="../img/HAProxyCommunityEdition_60px.png?0.4.2-15" /></a></h1> |
4796 | 4798 | <h2>Configuration Manual</h2> |
4797 | | - <p><strong>version 3.4-dev3-12</strong></p> |
| 4799 | + <p><strong>version 3.4-dev3-15</strong></p> |
4798 | 4800 | <p> |
4799 | 4801 | 2026/01/22<br> |
4800 | 4802 |
|
@@ -7892,6 +7894,7 @@ <h2 id="chapter-2.10" data-target="2.10"><small><a class="small" href="#2.10">2. |
7892 | 7894 | - <a href="#tune.ssl.cachesize">tune.ssl.cachesize</a> |
7893 | 7895 | - <a href="#tune.ssl.capture-buffer-size">tune.ssl.capture-buffer-size</a> |
7894 | 7896 | - tune.ssl.capture-cipherlist-size (deprecated) |
| 7897 | + - <a href="#tune.ssl.certificate-compression">tune.ssl.certificate-compression</a> |
7895 | 7898 | - <a href="#tune.ssl.default-dh-param">tune.ssl.default-dh-param</a> |
7896 | 7899 | - <a href="#tune.ssl.force-private-cache">tune.ssl.force-private-cache</a> |
7897 | 7900 | - <a href="#tune.ssl.hard-maxrecord">tune.ssl.hard-maxrecord</a> |
@@ -10669,6 +10672,20 @@ <h2 id="chapter-3.2" data-target="3.2"><small><a class="small" href="#3.2">3.2.< |
10669 | 10672 | list, extensions list, elliptic curves list and elliptic curve point |
10670 | 10673 | formats. If the value is 0 (default value) the capture is disabled, |
10671 | 10674 | otherwise a buffer is allocated for each SSL/TLS connection. |
| 10675 | +</pre><a class="anchor" name="tune.ssl.certificate-compression"></a><a class="anchor" name="3-tune.ssl.certificate-compression"></a><a class="anchor" name="3.2-tune.ssl.certificate-compression"></a><a class="anchor" name="tune.ssl.certificate-compression (Global section)"></a><a class="anchor" name="tune.ssl.certificate-compression (Performance tuning)"></a><div class="keyword"><b><a class="anchor" name="tune.ssl.certificate-compression"></a><a href="#3.2-tune.ssl.certificate-compression">tune.ssl.certificate-compression</a></b> <span style="color: #800">{ auto | off }</span></div><pre class="text">This setting allows to configure the certificate compression support which is |
| 10676 | +an extension (RFC 8879) to TLS 1.3. |
| 10677 | + |
| 10678 | +When set to "auto" it uses the default value of the TLS library. |
| 10679 | + |
| 10680 | +With "off" it tries to explicitely disable the support of the feature. |
| 10681 | +HAProxy won't try to send compressed certificates anymore nor accept |
| 10682 | +compressed certificates. |
| 10683 | + |
| 10684 | +Configures both backend and frontend sides. |
| 10685 | + |
| 10686 | +This keyword is supported by OpenSSL >= 3.2.0. |
| 10687 | + |
| 10688 | +The default value is auto. |
10672 | 10689 | </pre><a class="anchor" name="tune.ssl.default-dh-param"></a><a class="anchor" name="3-tune.ssl.default-dh-param"></a><a class="anchor" name="3.2-tune.ssl.default-dh-param"></a><a class="anchor" name="tune.ssl.default-dh-param (Global section)"></a><a class="anchor" name="tune.ssl.default-dh-param (Performance tuning)"></a><div class="keyword"><b><a class="anchor" name="tune.ssl.default-dh-param"></a><a href="#3.2-tune.ssl.default-dh-param">tune.ssl.default-dh-param</a></b> <span style="color: #080"><number></span></div><pre class="text">Sets the maximum size of the Diffie-Hellman parameters used for generating |
10673 | 10690 | the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. The |
10674 | 10691 | final size will try to match the size of the server's RSA (or DSA) key (e.g, |
@@ -34492,7 +34509,7 @@ <h2 id="chapter-12.8" data-target="12.8"><small><a class="small" href="#12.8">12 |
34492 | 34509 | <br> |
34493 | 34510 | <hr> |
34494 | 34511 | <div class="text-right"> |
34495 | | - HAProxy 3.4-dev3-12 – Configuration Manual<br> |
| 34512 | + HAProxy 3.4-dev3-15 – Configuration Manual<br> |
34496 | 34513 | <small>, 2026/01/22</small> |
34497 | 34514 | </div> |
34498 | 34515 | </div> |
|
0 commit comments