Output of haproxy -vv and uname -a
Re haproxy -vv: N/A - not using haproxy in part due to not having this feature
Linux ip-172-31-23-135.ec2.internal 4.14.121-109.96.amzn2.x86_64 #1 SMP Wed May 22 16:54:10 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
What should haproxy do differently? Which functionality do you think we should add?
Extend layer 5 sample fetch methods; add ssl_c_sha256 as an alternative to ssl_c_sha1. The ever greater weakness of SHA1 should make the need for this self explanatory.
What are you trying to do?
Check client certificates in a proxied application using the DER hash value. Presently using nginx which also can only provide the SHA1 hash value of the client certificate. So I forward the entire client certificate, which is often a rather large and awkward chunk of data to be passing around using headers. Since haproxy can do no better I am not compelled to convert.
Output of
haproxy -vvanduname -aRe haproxy -vv: N/A - not using haproxy in part due to not having this feature
Linux ip-172-31-23-135.ec2.internal 4.14.121-109.96.amzn2.x86_64 #1 SMP Wed May 22 16:54:10 UTC 2019 x86_64 x86_64 x86_64 GNU/LinuxWhat should haproxy do differently? Which functionality do you think we should add?
Extend layer 5 sample fetch methods; add ssl_c_sha256 as an alternative to ssl_c_sha1. The ever greater weakness of SHA1 should make the need for this self explanatory.
What are you trying to do?
Check client certificates in a proxied application using the DER hash value. Presently using nginx which also can only provide the SHA1 hash value of the client certificate. So I forward the entire client certificate, which is often a rather large and awkward chunk of data to be passing around using headers. Since haproxy can do no better I am not compelled to convert.