1
edit
Security/TLS Configurations: Difference between revisions
→Stud: changed this to Hitch
(Created page with "= TLS Configurations = This is a backup of the configurations that were previously listed on Security/Server_Side_TLS == Nginx == Nginx provides OCSP Stapling, custom DH...") |
(→Stud: changed this to Hitch) |
||
| Line 115: | Line 115: | ||
</pre> | </pre> | ||
== Stud == | == Hitch (previously Stud) == | ||
[https://hitch-tls.org Hitch] is a lightweight TLS termination proxy. It's basically a wrapper for OpenSSL. Hitch is developed and maintained by Varnish Software, it is the recommended alternative now that [https://github.com/bumptech/stud stud is officially abandonware]. Features such as SNI, with and without wildcard certificates as well as HAproxy's PROXY protocol v2 have been added. OCSP stapling and ALPN support are expected during 2016. It is very lightweight and efficient, and with a recent openssl, supports all the TLS 1.2 ciphers. It supports only TLS (all SSL versions unsupported). | |||
<pre> | <pre> | ||
# SSL x509 certificate file. REQUIRED. | # SSL x509 certificate file. REQUIRED. | ||
| Line 129: | Line 129: | ||
# | # | ||
tls = on | tls = on | ||
ssl = | ssl = off | ||
# List of allowed SSL ciphers. | # List of allowed SSL ciphers. | ||