TLS 1.3 Signature Algorithm Configuration

Hi Team,

Certificate being returned by a server during TLS 1.3 handshake.

We have an SSL bind (server) opened up on a particular port. This particular bind “crt” has been loaded with both ECDSA- and RSA-based certificates.

For a TLS 1.2 handshake, the certificates being returned from the server are based on the cipher authentication algorithm, but for TLS 1.3 it is primarily controlled with the help of signature algorithms.

Do we have any configuration in haproxy.conf to specify the signature algorithms supported by the server, as well as to request client certificates based on these signature algorithms?

OpenSSL 1.1.1n.7.2.390 – version
FIPS mode: OFF

I need control over the certificates being offered by the server back to the client when HAProxy uses them.


Thanks for the portal; it got fixed using "TLS 1.3 Controlled Server Certificate using Signature Algorithms · Issue #2081 · haproxy/haproxy · GitHub".
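
One way to express the control the question asks about, added here as an example and not taken from the post or the linked issue. It assumes an HAProxy build that provides the `sigalgs` and `client-sigalgs` bind keywords (2.8 or later); the port, certificate paths, CA file and backend address are placeholders.

```haproxy
# Added example: every path, port and address below is a placeholder.
global
    # Optional process-wide defaults applied to every "bind ... ssl" line
    # that does not set its own sigalgs / client-sigalgs.
    ssl-default-bind-sigalgs        ecdsa_secp256r1_sha256:rsa_pss_rsae_sha256
    ssl-default-bind-client-sigalgs ecdsa_secp256r1_sha256:rsa_pss_rsae_sha256

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_tls
    # Both certificate types are loaded on the same bind, as in the question.
    #   sigalgs        : signature algorithms the server side negotiates
    #                    (TLS 1.2 and TLS 1.3); a certificate whose key type
    #                    matches none of them cannot be used to sign.
    #   client-sigalgs : signature algorithms accepted for client
    #                    certificate authentication (needs "verify").
    # The list format is the one OpenSSL's SSL_CTX_set1_sigalgs_list() takes.
    bind :8443 ssl crt /etc/haproxy/certs/site.rsa.pem crt /etc/haproxy/certs/site.ecdsa.pem sigalgs ecdsa_secp256r1_sha256:rsa_pss_rsae_sha256 verify required ca-file /etc/haproxy/certs/client-ca.pem client-sigalgs ecdsa_secp256r1_sha256:rsa_pss_rsae_sha256
    default_backend be_app

backend be_app
    server app1 127.0.0.1:8080

# Check from a client which certificate each offer selects
# (client.pem / client.key are placeholder client credentials):
#   openssl s_client -connect 127.0.0.1:8443 -tls1_3 \
#       -sigalgs ecdsa_secp256r1_sha256 \
#       -cert client.pem -key client.key </dev/null | grep 'Peer signature type'
#   openssl s_client -connect 127.0.0.1:8443 -tls1_3 \
#       -sigalgs rsa_pss_rsae_sha256 \
#       -cert client.pem -key client.key </dev/null | grep 'Peer signature type'
# The first run should report an ECDSA peer signature, the second RSA-PSS.
```

Validate the file with `haproxy -c -f <file>` before reloading; a build that lacks these keywords rejects the configuration at parse time.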