PiBa-NL / pfsense-haproxy-package-doc


After configuring HAProxy to use ciphers excluding RC4 it still appears #10

Open moh10ly opened 4 years ago

moh10ly commented 4 years ago

While trying to secure HAProxy to use the most secure ciphers and protocols, I have disabled SSL3, TLS 1.0 and 1.1 and left only 1.2 enabled. When running a test on ssllabs.com, it shows that HAProxy accepts the RC4 cipher with old protocols only. Thank you

PiBa-NL commented 4 years ago

Sounds like you configured options, have you configured ciphers also? https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.0&ocsp=false&guideline=5.4

moh10ly commented 4 years ago

Hi PiBa, I managed to do it by placing the cipher in the same line as Advanced SSL options. I used the following and now it's showing as expected.

Thank you so much

force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
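
The distinction this thread turns on (protocol keywords versus the `ciphers` keyword) can be checked before a change is deployed. The following is an added example, not part of the original thread or of the HAProxy package: the function name `audit_bind_options`, the `WEAK` substring list and the two sample strings marked as constructed are assumptions made for illustration.

```python
import re

# Substrings of cipher names/keywords that should not be offered. RC4 is the one
# from this issue; the rest generalise the check (assumption of this example).
WEAK = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXP", "ADH", "AECDH")
LEGACY_OFF = {"SSLv3": "no-sslv3", "TLSv1.0": "no-tlsv10", "TLSv1.1": "no-tlsv11"}

# Constructed sample inputs: protocol options only, and a list that lets RC4 in.
OPTIONS_ONLY = "no-sslv3 no-tlsv10 no-tlsv11"
MIXED = "no-sslv3 ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:!MD5"
# The line posted in the thread.
THREAD_LINE = (
    "force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers "
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)

def audit_bind_options(options):
    """Return a list of findings for an HAProxy 'Advanced SSL options' string."""
    tokens = options.split()
    findings = []
    # Protocol keywords only restrict versions; they never change the cipher list.
    if "force-tlsv12" not in tokens:
        for proto, keyword in LEGACY_OFF.items():
            if keyword not in tokens:
                findings.append(f"{proto} not disabled (missing {keyword})")
    if "ciphers" not in tokens:
        # Without it the global or library default cipher list is used.
        findings.append("no 'ciphers' keyword: default cipher list applies")
        return findings
    idx = tokens.index("ciphers")
    if idx + 1 >= len(tokens):
        findings.append("'ciphers' keyword has no value")
        return findings
    for item in re.split(r"[:,]", tokens[idx + 1]):
        if not item or item[0] in "!-":      # '!X' and '-X' remove ciphers
            continue
        if any(w in item.lstrip("+").upper() for w in WEAK):
            findings.append(f"weak cipher enabled: {item}")
    return findings

if __name__ == "__main__":
    for label, line in (("options only", OPTIONS_ONLY), ("mixed", MIXED), ("thread", THREAD_LINE)):
        print(label, "->", audit_bind_options(line) or "no findings")
```

A clean result here only covers the configured string; a scan of the live listener, as done with ssllabs.com above, is still the confirmation that the frontend picked it up.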