Hi Dominik,
On Thu, 2 May 2024 at 17:14, Froehlich, Dominik
<dominik.froehl...@sap.com> wrote:
> The closest I’ve gotten is the “curves” property:
> https://docs.haproxy.org/2.8/configuration.html#5.1-curves
> However, I think it only restricts the available elliptic curves in an ECDHE
> handshake, but it does not prevent a TLS 1.3 client from selecting a non-ECDHE
> prime group, for example “ffdhe8192”.
[snip]
While Lukas answered the specific question better than I could, does the
hardening guide you're following happen to be a public resource in general?
Good public guidelines on the topic are very sparse [1], and I'd be
interested in these if they exist somewhere, if only out of curiosity.
Regards,
Tristan
[1]: Or often essentially nonexistent, short of reading dozens of papers
off arxiv, of which the majority seem to focus on PoCs rather than
practical advice