From 5fd812c2590e2524322d3328507ff572fd59cf4d Mon Sep 17 00:00:00 2001
From: Miciah Dashiel Butler Masters
Date: Tue, 23 Jun 2026 19:58:02 -0400
Subject: [PATCH] Limit allowed elliptic curves to X25519MLKEM768

Hard-code the list of allowed elliptic curves to just X25519MLKEM768. This commit is for testing purposes only, namely to collect data on the performance impact of ML-KEM. * images/router/haproxy/conf/haproxy-config.template: Hard-code ssl-default-bind-curves to X25519MLKEM768.
---
 images/router/haproxy/conf/haproxy-config.template | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/images/router/haproxy/conf/haproxy-config.template b/images/router/haproxy/conf/haproxy-config.template
index 33fc45901..1d5e73ae5 100644
--- a/images/router/haproxy/conf/haproxy-config.template
+++ b/images/router/haproxy/conf/haproxy-config.template
@@ -131,11 +131,7 @@ global
 {{- end }}
 {{- end }}
- # By default when a ROUTER_CURVES is not defined HAProxy
- # will use its built-in default supported groups for TLS key exchange.
- {{- with (env "ROUTER_CURVES") }}
- ssl-default-bind-curves {{ . }}
- {{- end }}
+ ssl-default-bind-curves X25519MLKEM768
 defaults
 {{- with $value := env "ROUTER_MAX_CONNECTIONS" "50000" }}
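Review bot: The added `ssl-default-bind-curves X25519MLKEM768` line in the `global` section drops the `ROUTER_CURVES` override, so an operator-set curve policy is silently ignored and every bind line offers only the hybrid ML-KEM group. Clients without X25519MLKEM768 support would have no shared group and fail the handshake (TLS 1.2 ECDHE clients included, as far as I can tell), and an HAProxy linked against a TLS library that does not recognise the group name will likely reject the configuration at startup. Since the commit message marks this as test-only, keeping the override with the test value as its default would limit the impact if the change lands by accident: `ssl-default-bind-curves {{ env "ROUTER_CURVES" "X25519MLKEM768" }}`, the same two-argument `env` form used for `ROUTER_MAX_CONNECTIONS` just below. A comment such as `# TEST ONLY: restricts key exchange to X25519MLKEM768 to measure ML-KEM performance; do not merge.` above the line would replace the explanation the hunk removes.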