After upgrading my haproxy machine to the beta of openSUSE Leap 15.0 ssl connections did not work anymore. A lot of debugging and testing later, I did a rebuild with openssl 1.0 and it all started working again.
Also RSA certificates were just working. If you have similar issues you might also run into:
The workaround for me was to configure the same curve as used in my SSL cert.
$ openssl x509 -noout -text -in /path/to/cert.pem | grep -B1 'NIST CURVE' ASN1 OID: secp384r1 <- NIST CURVE: P-384
Then add the curves parameter to your bind line:
bind 0.0.0.0:443 tfo ssl alpn h2,http/1.1 npn h2,http/1.1 crt /path/to/certs/ curves secp384r1 bind :::443 v6only tfo ssl alpn h2,http/1.1 npn h2,http/1.1 crt /path/to/certs/ curves secp384r1
Of course this workaround only works if all your certs use the same curve. Or you will have to do different bind statements for each certificate.