Hi,
For our application, it shows TLS v1.0 & v1.1 are enabled. We need to disable them.
We checked the haproxy config file & added this:
frontend ssl
bind 0.0.0.0:443 ssl crt /etc/haproxy/ssl_cert.pem ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 force-tlsv12 ca-file /etc/haproxy/ssl_ca_cert.pem no-tlsv11 no-tlsv10 no-sslv3 verify optional
But still, it shows as enabled.
What are we missing here? Let us know if you need the complete config file.
Thanks.
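One thing to rule out with a config like the one posted is a second TLS listener that does not carry the same restrictions. The following is an added example, not code from the original post or from the HAProxy project: it lists every `bind ... ssl` line in a config and reports which legacy protocol versions the options on that line still leave enabled. It models only the per-line keywords `no-*`, `force-*`, `ssl-min-ver` and `ssl-max-ver`; global `ssl-default-bind-options` and the limits of the OpenSSL build are not modelled, and the sample config with its second `bind` line is constructed.

```python
# Added example: models only the options written on each bind line (assumption).
VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
TOKEN = {"sslv3": "SSLv3", "tlsv10": "TLSv1.0", "tlsv11": "TLSv1.1",
         "tlsv12": "TLSv1.2", "tlsv13": "TLSv1.3"}
SECTIONS = ("global", "defaults", "frontend", "backend", "listen")

# Constructed sample config; the second bind line is hypothetical.
SAMPLE = """\
global
    log /dev/log local0
frontend ssl
    bind 0.0.0.0:443 ssl crt /etc/haproxy/ssl_cert.pem force-tlsv12 no-tlsv11 no-tlsv10 no-sslv3
    bind 0.0.0.0:8443 ssl crt /etc/haproxy/ssl_cert.pem no-sslv3
"""

def allowed_versions(bind_args):
    """Protocol versions left enabled by the options on one bind line."""
    allowed = set(VERSIONS)
    it = iter(bind_args)
    for tok in it:
        low = tok.lower()
        if low.startswith("no-") and low[3:] in TOKEN:
            allowed.discard(TOKEN[low[3:]])      # no-tlsv10, no-sslv3, ...
        elif low.startswith("force-") and low[6:] in TOKEN:
            allowed &= {TOKEN[low[6:]]}          # force-tlsv12: that version only
        elif low in ("ssl-min-ver", "ssl-max-ver"):
            ver = next(it, None)                 # keyword takes one argument
            if ver in VERSIONS:
                i = VERSIONS.index(ver)
                keep = VERSIONS[i:] if low == "ssl-min-ver" else VERSIONS[:i + 1]
                allowed &= set(keep)
    return [v for v in VERSIONS if v in allowed]

def audit(config_text, legacy=("SSLv3", "TLSv1.0", "TLSv1.1")):
    """Return (section, address, legacy versions still allowed) per TLS bind."""
    findings, section = [], None
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()     # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTIONS:
            section = " ".join(words[:2])
        elif words[0] == "bind" and "ssl" in words[2:]:
            left = [v for v in allowed_versions(words[2:]) if v in legacy]
            findings.append((section, words[1], left))
    return findings

if __name__ == "__main__":
    for section, addr, left in audit(SAMPLE):
        print(section, addr, "legacy enabled:", ", ".join(left) or "none")
```

A listener reported with "none" here but still flagged by a scanner points at something outside the bind line, such as a different host or port being scanned or a process that was not reloaded after the edit.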