Extended Master secret key is set to "No"

Gajanana · July 16, 2024, 2:39pm

The haproxy.cfg has min support of TLS version 1.2 and a set of specific ciphers e.g. “ECDHE-RSA-AES256-GCM-SHA384” to be allowed for communication.

When i run the following command:
openssl s_client -connect <> | grep secret
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = countrycode, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = countrycode, ST = stateName, L = locationName, O = organizationname, CN = domainname
verify return:1
Extended master secret: no

Do we know where this setting is there in haproxy to enable this “Extended Master Secret” key to yes or is it something relevant to openssl.

lukastribus · July 17, 2024, 8:05am

This is not related to haproxy but openssl.

Topic		Replies	Views
HAProxy unable to verify device certificate Help!	2	651	February 15, 2021
SSL Configuration for HAProxy 1.6.12 Help!	0	1256	July 4, 2017
Configuration ssl <NOSRV> -1/-1/-1/-1/0 503 212 - - SC-- Configuration Samples	4	1881	February 13, 2023
Haproxy 2.04 with openssl 1.1.1 TLS 1.3 not working Help!	25	8426	August 14, 2019
How to disable TLS v1.0 & v1.1 in HAProxy? Help!	14	14757	February 25, 2023

Extended Master secret key is set to "No"

Related topics