How to disable TLS v1.0 & v1.1 in HAProxy?

lukastribus · February 23, 2022, 3:51pm

no-tlsv11 no-tlsv10 no-sslv3

This configuration is correct, the configuration may not be properly applied (old haproxy instance running in the background with old configurations), you may hit a bug, or your measurements may not be accurate.

Provide the output of haproxy -vv and openssl outputs from the haproxy machine (not a far end device crossing firewalls and other security devices, you may have SSL intercepting devices in the path), but 127.0.0.1:443 :

openssl s_client -tls1 127.0.0.1:443
openssl s_client -tls1_1 127.0.0.1:443
openssl s_client -tls1_2 127.0.0.1:443

Topic		Replies	Views
Enable TLS 1.0 & TLS 1.1 in haproxy 2.4 Help!	3	1025	March 28, 2023
SSL Configuration for HAProxy 1.6.12 Help!	0	1204	July 4, 2017
Ssllab still complains about tls 1.0 Help!	1	380	March 3, 2020
TLS1.3 not operating in V1.8.14 Help!	11	3026	December 29, 2018
Disable certain TLS 1.3 ciphers in haproxy.cfg Help!	4	6465	August 5, 2018

How to disable TLS v1.0 & v1.1 in HAProxy?

Related Topics