summaryrefslogtreecommitdiffstats
path: root/releasenotes/notes/Add-Internal-TLS-CA-File-parameter-c24ee13daaa11dfc.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-05-03Internal TLS: Use specific CA file for haproxyJuan Antonio Osorio Robles1-0/+6
Instead of using the CA bundle, this sets HAProxy to use a specific file for validating the certificates of the services it's proxying. This helps in two ways: * Improves performance since validation will check only one certificate. * Improves security since we're only the certificates signed by one CA are valid, instead of any certificate that the system trusts (which could include potentially compromised public certs). Change-Id: Id6de045b3c93c82d37e0b0657c17a3108516016a