This directory contains a Dockerfile that builds haproxy using OpenSSL v3 using the OQS provider, which allows haproxy to negotiate quantum-safe keys and use quantum-safe authentication in TLS 1.3.
Install Docker and run the following commands in this directory:
docker build --build-arg SIG_ALG=<SIG> --build-arg KEM_ALGLIST=<KEMS> --tag oqs-haproxy .(<SIG>can be any of the signature authentication algorithms and<KEMS>can be a colon separated list of the Key exchange mechanisms listed here). An alternative, simplified build instruction isdocker build -t oqs-haproxy .: This will generate the image with a default QSC algorithm and KEMs (dilithium3, p384_kyber768:kyber768 -- see Dockerfile to change this).docker run --detach --rm --name oqs-haproxy -p 4433:4433 oqs-haproxy
This will start a docker container that has haproxy listening for TLS 1.3 connections on port 4433. Actual data will be served via a load-balanced lighttpd server running on ports 8181 and 8182.
Complete information how to use the image is available in the separate file USAGE.md.
The Dockerfile provided allows for significant customization of the image built:
Tag of openssl release to be used.
Tag of liboqs release to be used.
Tag of oqsprovider release to be used.
This permits changing the build options for the underlying library with the quantum safe algorithms. All possible options are documented here.
By default, the image is built such as to have maximum portability regardless of CPU type and optimizations available, i.e. to run on the widest possible range of cloud machines.
This defines the quantum-safe cryptographic signature algorithm for the internally generated (demonstration) CA and server certificates.
The default value is 'dilithium3' but can be set to any value documented here.
This defines the quantum-safe key exchange mechanisms to be supported.
The default value is p384_kyber768:kyber768 but can be set to any set of colon separated values documented here.
These define the version of HAPROXY to use with the default set to 3.0 and 5 respectively to represent haproxy version 3.0.5.