git.kaiwu.me - haproxy.git/commit
MEDIUM: ssl: introduce src/fips.c with TLS version check
author William Lallemand <wlallemand@haproxy.com>
Tue, 30 Jun 2026 12:38:31 +0000 (12:38 +0000)
committer William Lallemand <wlallemand@haproxy.com>
Tue, 30 Jun 2026 13:54:52 +0000 (13:54 +0000)
commit 557f083cda780040d5cfa45dd84f2d788065a15e
tree 5f375b2ecc48bf7ca4e9fd21351e5c9dedaa1ade
parent 9d64d390c8dc9af5f626052d08eeb4a1f2dd5d2e
MEDIUM: ssl: introduce src/fips.c with TLS version check

Add src/fips.c and include/haproxy/fips.h to centralise FIPS compliance
checks for AWS-LC builds.

ssl_fips_check_version() verifies that ssl-min-ver is not set below
TLS 1.2, which AWS-LC in FIPS mode would refuse to negotiate.

The check accepts an enum obj_type * so it can resolve the owning
bind/server and produce a precise error message including the proxy
and object name in the standard HAProxy 'type proxy/name' form.
Makefile
include/haproxy/fips.h [new file with mode: 0644]
src/fips.c [new file with mode: 0644]
src/ssl_sock.c
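
An added example (not part of this commit or of HAProxy's code) that applies the same rule offline to a configuration file: it flags `bind` and `server` lines whose explicit `ssl-min-ver` is below TLS 1.2. The sample configuration is constructed, and using the bind address or server name as the object name in the 'type proxy/name' label is an assumption.

```python
# Protocol names accepted by ssl-min-ver, in ascending order.
VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
FIPS_FLOOR = VERSIONS.index("TLSv1.2")
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

# Constructed sample configuration (addresses are documentation ranges).
SAMPLE_CFG = """\
global
    log stdout format raw local0

frontend fe_web
    bind :443 ssl crt /etc/haproxy/site.pem ssl-min-ver TLSv1.0
    bind :8443 ssl crt /etc/haproxy/site.pem ssl-min-ver TLSv1.2
    default_backend be_app

backend be_app
    server srv1 192.0.2.10:443 ssl verify required ca-file /etc/haproxy/ca.pem ssl-min-ver TLSv1.1
    server srv2 192.0.2.11:443 ssl verify required ca-file /etc/haproxy/ca.pem  # no explicit minimum
"""

def audit_min_ver(cfg_text):
    """Return (lineno, 'type proxy/name', version) for every bind/server
    line that explicitly sets ssl-min-ver below TLS 1.2."""
    findings = []
    proxy = None
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # drop trailing comments
        if not words:
            continue
        kw = words[0]
        if kw in SECTIONS:                      # track the current section
            proxy = words[1] if len(words) > 1 else kw
            continue
        if kw not in ("bind", "server") or "ssl-min-ver" not in words:
            continue
        idx = words.index("ssl-min-ver")
        if idx + 1 >= len(words):
            continue                            # keyword without a value
        ver = words[idx + 1]
        if ver in VERSIONS and VERSIONS.index(ver) < FIPS_FLOOR:
            # Assumed label: bind address or server name as the object name.
            findings.append((lineno, f"{kw} {proxy}/{words[1]}", ver))
    return findings

if __name__ == "__main__":
    for lineno, label, ver in audit_min_ver(SAMPLE_CFG):
        print(f"line {lineno}: {label}: ssl-min-ver {ver} is below TLSv1.2")
```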