According to the requirement I want to send APIs with TLSv1.2 (This version only) to a server through haproxy. I tried using multiple options for changing the TLS version.
In Backend
- server destserver ssl-min-ver TLSv1.2
- server destserver check ssl verify none ssl-min-ver TLSv1.2
- server destserver check ssl verify none no-sslv3 ciphers TLSv1.2
- server destserver check ssl verify none no-sslv3 ssl-min-ver TLSv1.2
5.server destserver check ssl verify none force-tlsv12
In Global
-
tune.ssl.default-dh-param 1024 ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
These approaches did not work.
For temporary fix, the working structure for now through SNI check in backend
- server destserver ssl verify none check-sni <ip_without_port> sni str(<ip_without_port>) check
But still I need a correct fix to pass the APIs with appropriate TLS version
2 posts - 2 participants