Hi,
We are trying to move our infrastructre from Microsoft NLB to HAproxy to do the load balancing.I have almost completed configuring the HAproxy but when i tried to SSL test throguh SSLlabs im getting this error for IE8 browser. Can you please let me know what would be the appropriate cipher to use for enabling the IE8
here are the ciphers configured on my HAproxy
ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA
ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA
Check the SslLabs browser related pages as they list supported cipher-suites for each browser.
(Also note that perhaps the error is not strictly related to the cipher suite, but because of SNI or other SSL feature that is not supported.)
I’m new to this HAproxy, so can you please guide me on what SSL feature specifically that i need to check on Haproxy server and we are using wild card certificate.
Take a look at SSLLab’s clients test page:
https://www.ssllabs.com/ssltest/clients.html
For example for IE 8 on Windows 7:
https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=8&platform=Win%207&key=21
It seems that IE 8 on that OS doesn’t even support TLS 1.2 nor TLS 1.1, which practically means that in 2019 it won’t be able to browse a large portion of the internet (since TLS 1.0 is marked as deprecated and many deployments don’t support it; in fact even TLS 1.1 is deprecated and shouldn’t be used for secure deployments.)
Therefore based on that feature page I would say you need to enable TLS 1.0 and TLS_RSA_WITH_AES_128_CBC_SHA and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (perhaps also the 256) cipher-suites. ALTHOUGH I STRONGLY SUGGEST NOT DOING SO DUE TO SECURITY CONSIDERATIONS!!
I would also strongly suggest reading the following Mozilla page about TLS on the server side as they describe various levels of compliance (and thus security):
https://wiki.mozilla.org/Security/Server_Side_TLS
And you can use the accompanying tool that generates the required snippets for HAProxy (and other HTTP servers):
https://ssl-config.mozilla.org/
Cipher suites are not the problem, you already have suites supported by IE8 in there.
You need to share the entire configuration and the output of haproxy -vv. Available ciphers also depend on openssl release and compile options.
Here you go:
HA-Proxy version 1.9.8-1ppa2~bionic 2019/06/13 - https://haproxy.org/
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -O2 -fdebug-prefix-map=/build/haproxy-jeU9I_/haproxy-1.9.8=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-format-truncation -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wno-implicit-fallthrough -Wno-stringop-overflow -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference
OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_NS=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with OpenSSL version : OpenSSL 1.1.1 11 Sep 2018
Running on OpenSSL version : OpenSSL 1.1.1a 20 Nov 2018
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.3
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity(“identity”), deflate(“deflate”), raw-deflate(“deflate”), gzip(“gzip”)
Built with PCRE2 version : 10.31 2018-02-12
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as cannot be specified using ‘proto’ keyword)
h2 : mode=HTX side=FE|BE
h2 : mode=HTTP side=FE
: mode=HTX side=FE|BE
: mode=TCP|HTTP side=FE|BE
Available filters :
[SPOE] spoe
[COMP] compression
[CACHE] cache
[TRACE] trace
Config:
global
log /dev/log local0 info
log /dev/log local0 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
# set default parameters to the intermediate configuration
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-DES-CBC3-SHA256:DHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC-SHA:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
defaults
log global
mode http
option httplog
option dontlognull
retries 3
timeout connect 5000
timeout client 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
#Http In - forward to https
frontend IDENTITY
bind *:80
redirect scheme https if !{ ssl_fc }
bind *:443 ssl crt /etc/ssl/private/wfs2.pem alpn HTTP/1.1,HTTP/1.0
acl host_identity hdr(host) -i hostname.com
use_backend website1 if host_identity
# HSTS (15768000 seconds = 6 months)
http-response set-header Strict-Transport-Security max-age=15768000
bind *:8989
mode http
stats enable
stats hide-version
stats realm HAPROXY\ Statistics
stats uri /haproxy
stats auth admin:admin
backend website1
mode http
option httpchk
option forwardfor
option http-server-close
balance source
cookie SERVERID insert indirect nocache
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https
http-request set-header Host hostname.com
server ixxx.com 192.168.20.xx:81 check inter 1s cookie I1
server ixxx.com 192.168.20.xx:81 check inter 1s cookie I2
What is the OS you are running IE8 on that has this problem?
OpenSSL 1.1.1 removes by default some old ciphers, but there still should be some overlap. But it also depends on the OS (as schannel is a OS thing, not specific to the browser).
Can you share the domain?
My backend server is Win2019, where my website content is available.
Is there anyway that i can add old ciphers and all i want this cipher to be added in HAProxy .
TLS_RSA_WITH_3DES_EDE_CBC_SHA to make IE8 enable so that my users can access the web application.
I mean the OS of the client, where IE8 runs. Because IE8 uses the schannel SSL stack of the Operating System, that Operating System is very important.
TLS_RSA_WITH_3DES_EDE_CBC_SHA is already enabled in the configuration above (it’s DES-CBC3-SHA), but it’s not compiled in by default in OpenSSL 1.1.1, so it won’t be used.
However AES128-SHA and AES256-SHA (TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA respectively) should match a IE8 schannel stack - in theory.
Please share the domain with us and the OS where IE8 runs. You can send me the domain via private message if you prefer. But I can’t troubleshoot this without having both informations (there may be additional issues where we don’t expect any, like the haproxy build, another frontend terminating SSL in addition to haproxy).
IE8 on Windows 7 should be fine, as it supports TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA (OpenSSL: AES128-SHA and AES256-SHA):
https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=8&platform=Win%207&key=21
IE8 on Windows XP needs TLS_RSA_WITH_3DES_EDE_CBC_SHA (which in OpenSSL is DES-CBC3-SHA, and is not compiled in by default in OpenSSL <= 1.1.0):
https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=8&platform=XP&key=101
If your issue is with Windows XP clients, then you need recompile OpenSSL 1.1.0 or later with enable-weak-ssl-ciphers or downgrade to OpenSSL 1.0.2:
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
If you do not want to recompile, I suggest you use an older OS like Centos 7 or Ubuntu Xenial. Make sure from the haproxy -vv output that OpenSSL <= 1.0.2 is used.
Thanks Lukas for all your steps provided, sorry for late response.
I have sent you my domain details in private. We still have clients using windows XP so thats the reason we want this cipher need to be enable.
May be i can try it by recompiling the OpenSSL rather than going to older OS version of Ubuntu or Centos
Looking at the domain you send in private I can confirm that IE8 on Windows XP will not be able to open it, because like I suspected 3DES is not available - you can check your site yourself at:
https://www.ssllabs.com/ssltest/
It will show:
IE 8 / XP: No FS 1 No SNI 2 Server sent fatal alert: handshake_failure
I’d strongly suggest you don’t build OpenSSL yourself. There are many pitfalls in doing so, and you need to recompile frequently, as new security fixes come out. You should only go down that road if you and your team are really willing (and have the knowledge) to monitor for new openssl releases, rebuild and rollout both openssl and haproxy fast.
Ubuntu Xenial is supported until 2021, and CentOS 7 until 2024. Using one of those would be my suggestion.
Also for Windows XP support, please do note that Service Pack 3 is absolutely required, to support SHA2 certificates. Windows XP without SP3 won’t open any HTTPS pages nowadays, because there are no SHA1 certificates around anymore.
HI Lukas,
As per your suggestion, i’m trying to load Haproxy on CentOS but im having some difficulties in uninstalling the Haproxy on it. i have installled HAproxy manuallybecause i want the latest version to be installed so i did it manually.
Can you please let me know , how can i uninstall the Haproxy when it was installled manually?What command should i have to use?
To reverse a make install, use make uninstall from the source directory.
Do not forget to manually remove init scripts/systemd unit files, if you copied those as well.