"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "docs/configuration.md" between
hitch-1.5.2.tar.gz and hitch-1.6.0.tar.gz

About: Hitch is a libev-based high performance SSL/TLS proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend.

configuration.md  (hitch-1.5.2):configuration.md  (hitch-1.6.0)
skipping to change at line 168 skipping to change at line 168
To turn this on, you must supply an `alpn-protos` setting in the To turn this on, you must supply an `alpn-protos` setting in the
configuration file: configuration file:
alpn-protos = "h2,http/1.1" alpn-protos = "h2,http/1.1"
If the PROXY protocol is enabled (`write-proxy = on`), Hitch will If the PROXY protocol is enabled (`write-proxy = on`), Hitch will
transmit the selected protocol as part of its PROXY header. transmit the selected protocol as part of its PROXY header.
## SSL/TLS protocol setting ## SSL/TLS protocol setting
Hitch supports TLS (1.0, 1.1 and 1.2) and SSL 3. By default, only TLS Hitch supports TLS (1.0, 1.1, 1.2, 1.3) and SSL 3. By default, only
versions 1.1 and 1.2 are enabled, while TLS 1.0 and SSLv3 are TLS versions 1.2 and 1.3 are enabled, while the older protocol
disabled. The recommended way to to select protocols is to use versions are disabled. The recommended way to to select protocols is
`tls-protos` in the configuration file: to use `tls-protos` in the configuration file:
tls-protos = TLSv1.1 TLSv1.2 tls-protos = TLSv1.2 TLSv1.3
The following tokens are available for the `tls-protos` option: The following tokens are available for the `tls-protos` option:
`SSLv3`, `TLSv1.0`, `TLSv1.1` and `TLSv1.2`. `SSLv3`, `TLSv1.0`, `TLSv1.1`, `TLSv1.2` and `TLSv1.3`.
The availability of protocol versions depend on OpenSSL version and
system configuration. In particular for TLS 1.3, openssl 1.1.1 or
later is required.
For supporting legacy protocol versions you may also need to lower the
`MinProtocol` property in your OpenSSL configuration (typically
`/etc/ssl/openssl.cnf`).
## TCP Fast Open Support
TCP Fast Open saves up to one full round-trip time (RTT) over
the standard three-way connection handshake during a TCP session.
On a system which supports TCP Fast Open, Hitch is able to reduce
network latency with the following in the configuration file:
tcp-fastopen = on
## Uninterrupted configuration reload ## Uninterrupted configuration reload
Issuing a SIGHUP signal to the main Hitch process will initiate a Issuing a SIGHUP signal to the main Hitch process will initiate a
reload of Hitch's configuration file. reload of Hitch's configuration file.
Adding, updating and removing PEM files (``pem-file``) and frontend Adding, updating and removing PEM files (``pem-file``) and frontend
listen endpoints (``frontend``) is currently supported. listen endpoints (``frontend``) is currently supported.
Hitch will load the new configuration in its main process, and spawn a Hitch will load the new configuration in its main process, and spawn a
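Review bot: The added paragraph that tells users to lower `MinProtocol` in `/etc/ssl/openssl.cnf` should say that this file is normally the system-wide OpenSSL configuration, so lowering it relaxes the protocol floor for other programs that read it, not only Hitch. Suggest adding that caveat, and a sentence advising that legacy versions be listed in `tls-protos` only where a client actually requires them. In the same section, the rewritten sentence still reads "The recommended way to to select protocols" (duplicated "to"), "The availability of protocol versions depend on" should be "depends on", and "openssl 1.1.1" should be capitalised as "OpenSSL" to match the spelling used earlier in that sentence. The new "TCP Fast Open Support" section gives `tcp-fastopen = on` but does not state the default value or what "a system which supports TCP Fast Open" requires; one sentence covering both would help.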
 End of changes. 3 change blocks. 
6 lines changed or deleted 24 lines changed or added
