jellyfin / jellyfin-mpv-shim

MPV Cast Client for Jellyfin

TLS 1.3 not working #288

Open thescratcho opened 2 years ago

thescratcho commented 2 years ago

Hello, I'm using Jellyfin behind HAProxy.

I like to enforce strong security and only use TLS 1.3.

I noticed that MPV Shim can't connect to the server when using TLS 1.3; TLS 1.2 works fine.

Could you please fix that problem so it works with TLS 1.3?

Here is the TLS 1.3 config that is being used in HAProxy:

```
# modern configuration
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets

ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
```

TLS 1.2 configuration which works:

```
# intermediate configuration
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl-dh-param-file /path/to/dhparam

frontend ft_test
    mode http
    bind :443 ssl crt /path/to/<cert+privkey+intermediate> alpn h2,http/1.1
    bind :80
    redirect scheme https code 301 if !{ ssl_fc }

    # HSTS (63072000 seconds)
    http-response set-header Strict-Transport-Security max-age=63072000
```

thescratcho commented 2 years ago

Sorry for the formatting; for the TLS config, look here:

https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=modern&openssl=1.1.1k&guideline=5.6
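A symptom like this one (TLS 1.2 works, a TLS 1.3-only listener does not) can come from the server configuration or from the client's own TLS library. The probe below is an added example, not code from jellyfin-mpv-shim or from this thread: it pins Python's `ssl` module to a single protocol version per connection attempt, so each handshake result says exactly which version was rejected and why; the hostname in the `__main__` block is a placeholder.

```python
"""Probe which TLS versions this client's TLS stack can negotiate with a server,
to separate a server-side HAProxy restriction from a client lacking TLS 1.3."""
import socket
import ssl

PROBES = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}


def version_context(version: ssl.TLSVersion) -> ssl.SSLContext:
    """Verifying default context pinned to exactly one protocol version."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname check on
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe_version(host, port, version, timeout=5.0):
    """Return (negotiated_version, None) or (None, failure_reason)."""
    if version == ssl.TLSVersion.TLSv1_3 and not ssl.HAS_TLSv1_3:
        return None, f"client {ssl.OPENSSL_VERSION} has no TLS 1.3 support"
    ctx = version_context(version)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version(), None
    except ssl.SSLError as exc:  # server alert: version, cipher, or cert
        return None, exc.reason or str(exc)
    except OSError as exc:  # refused, reset, timeout, EOF mid-handshake
        return None, str(exc)


def probe_all(host, port=443):
    return {name: probe_version(host, port, v)[0] for name, v in PROBES.items()}


def diagnose(results):
    """tls13-ok; tls12-only (server reachable, TLS 1.3 handshake fails: check the
    client's TLS library and server ciphersuites); no-tls (check reachability)."""
    if results.get("TLSv1.3"):
        return "tls13-ok"
    if results.get("TLSv1.2"):
        return "tls12-only"
    return "no-tls"


if __name__ == "__main__":
    results = probe_all("jellyfin.example.invalid")  # placeholder host
    print({k: v or "handshake failed" for k, v in results.items()}, diagnose(results))
```

Running it from the machine where MPV Shim fails, against the HAProxy host, shows whether the TLS 1.3 attempt is refused by the server (an alert reason) or never possible on this client (`HAS_TLSv1_3` false).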

iwalton3 commented 1 year ago

See also: https://github.com/jellyfin/jellyfin-media-player/issues/375