X-Git-Url: https://git.proxmox.com/?p=pve-docs.git;a=blobdiff_plain;f=pveproxy.adoc;h=d50d04a967f540627daea77c14f8623eeb7f0cfb;hp=472be848a63226d242ffa99d338cdc326ebd451a;hb=856993e4166495537f42e0b9c3a51c966227feab;hpb=aeecd9ea39bc5cbd84244cff34c7daba1045a1fb

diff --git a/pveproxy.adoc b/pveproxy.adoc
index 472be84..d50d04a 100644
--- a/pveproxy.adoc
+++ b/pveproxy.adoc
@@ -64,11 +64,17 @@ SSL Cipher Suite
 
 You can define the cipher list in `/etc/default/pveproxy`, for example
 
- CIPHERS="HIGH:MEDIUM:!aNULL:!MD5"
+ CIPHERS="ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
 
 Above is the default. See the ciphers(1) man page from the openssl
 package for a list of all available options.
 
+Additionally you can define that the client choses the used cipher in
+`/etc/default/pveproxy` (default is the first cipher in the list available to
+both client and `pveproxy`):
+
+ HONOR_CIPHER_ORDER=0
+
 
 Diffie-Hellman Parameters
 -------------------------
@@ -88,7 +94,7 @@ exchange algorithm is negotiated.
 Alternative HTTPS certificate
 -----------------------------
 
-You can change the certificate used, to an external one or to one obtained via
+You can change the certificate used to an external one or to one obtained via
 ACME.
 
 pveproxy uses `/etc/pve/local/pveproxy-ssl.pem` and
@@ -98,6 +104,14 @@ The private key may not use a passphrase.
 
 See the Host System Administration chapter of the documentation for details.
 
+COMPRESSION
+-----------
+
+By default `pveproxy` uses gzip HTTP-level compression for compressible
+content, if the client supports it. This can disabled in `/etc/default/pveproxy`
+
+ COMPRESSION=0
+
 ifdef::manvolnum[]
 include::pve-copyright.adoc[]
 endif::manvolnum[]