Haproxy 1.8 offerint TLS 1 and 1.1

KarlMx · December 10, 2021, 9:21pm

Hi,

I’ve been reading several forums and making several tests with a HAProxy 1.8 and add the suggested configuration from mozilla builder, to avoid TLS 1 and 1.1, but still the server is offering the two ciphers, and i was wondering if maybe the “.pem certificate” could be the reason , i mean does it need to be updated?, also using "nmap -sV --script ssl-enum-ciphers -p 443 " i can see Fotigate as a service, can this one be a termination point affection the offered ciphers?

lukastribus · December 11, 2021, 3:28pm

Provide the output of haproxy -vv, the actual configuration and a nmap from the same box (not through the network).

The Fortigate service suggest that you have a SSL intercepting firewall in between, so all the security improvements on haproxy will be useless, because it would only affect the traffic between haproxy and the fortigate firewall.

Topic		Replies	Views
TLS1.3 not operating in V1.8.14 Help!	11	3141	December 29, 2018
Query regarding HAProxy and OpenSSL Help!	4	891	November 25, 2018
HAPRoxy 2.4 not blocking TLSv1.0,1.1 in TCP connections Help!	1	422	August 12, 2023
HAProxy with Old SHA1 Backend Help!	6	271	June 3, 2024
Ssllab still complains about tls 1.0 Help!	1	403	March 3, 2020

Haproxy 1.8 offerint TLS 1 and 1.1

Related Topics