Haproxy 1.8 offerint TLS 1 and 1.1


I’ve been reading several forums and making several tests with a HAProxy 1.8 and add the suggested configuration from mozilla builder, to avoid TLS 1 and 1.1, but still the server is offering the two ciphers, and i was wondering if maybe the “.pem certificate” could be the reason , i mean does it need to be updated?, also using "nmap -sV --script ssl-enum-ciphers -p 443 " i can see Fotigate as a service, can this one be a termination point affection the offered ciphers?

Provide the output of haproxy -vv, the actual configuration and a nmap from the same box (not through the network).

The Fortigate service suggest that you have a SSL intercepting firewall in between, so all the security improvements on haproxy will be useless, because it would only affect the traffic between haproxy and the fortigate firewall.