You can find the source of this version on GitHub at cloudfoundry-incubator/haproxy-boshrelease. It was created based on the commit
- Removed RC4 ciphers from the default cipher suite
- Added HSTS support via the
ha_proxy.hsts_max_ageproperties. HSTS is off by default.
Added support for disabling TLS tickets to improve Forward Secrecy, via
ha_proxy.disable_tls_tickets. TLS tickets are disabled by default
Updated haproxy to v1.6.12 (from 1.6.10)
Updated pcre to v8.40 (from 8.36)
Updated socat to v126.96.36.199 (from 188.8.131.52)
- Many thanks to @lcacciagioni for his work on these SSL improvements!
You can reference this release in your deployment manifest from the
- name: "haproxy" version: "8.1.0" url: "https://bosh.io/d/github.com/cloudfoundry-incubator/haproxy-boshrelease?v=8.1.0" sha1: "81566c001f0f4e2f066a0dabbc3d3187bd82be53"
Or upload it to your director with the
bosh upload-release --sha1 81566c001f0f4e2f066a0dabbc3d3187bd82be53 \ https://bosh.io/d/github.com/cloudfoundry-incubator/haproxy-boshrelease?v=8.1.0