mozilla / ssl-config-generator

Mozilla SSL Configuration Generator
https://ssl-config.mozilla.org/
Mozilla Public License 2.0
360 stars 59 forks source link

HA-Proxy no-sslv3/no-tlsv1x are ignored #152

Open sachaz opened 3 years ago

sachaz commented 3 years ago

Hello,

On HA-Proxy 2.3.4 I got the following message when I'm applying the ssl-confi-generator configuration: Proxy 'https': no-sslv3/no-tlsv1x are ignored for bind '*:443' at [/etc/haproxy/haproxy.cfg:78]. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.

So I changed ssl-default-bind-options prefer-client-ciphers and ssl-default-server-options values to: no-tls-tickets ssl-min-ver TLSv1.2 (instead of no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets)

janbrasna commented 8 months ago

Related to #206, will be addressed along with:

(Will need to differentiate pre-2.2 vs. v2.2+ definitions…)