We use a single backend large scale HAPROXY based proxy server. SSL offload happens at this layer. is it possible to disable TLS1.3 for a specific domain/hostname? We have thousand of apps and each app has its own hostname. We use SNI and http mode .
Don’t want to introduce too much complexity to solve this problem for one or two apps who are not compatible with tls 1.3, like new front-ends or additional backends or disable tls1.3 globally at front-end level.
highly appreciated if anyone has good approach.