Quantcast
Channel: HAProxy community - Latest topics
Viewing all articles
Browse latest Browse all 4760

How to disable TLS v1.0 & v1.1 in HAProxy?

$
0
0

Hi,

For our application, it shows TLS v1.0 & v1.1 are enabled. We need to disable it.

We checked the haproxy config file file & added this:

frontend ssl
bind 0.0.0.0:443 ssl crt /etc/haproxy/ssl_cert.pem ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 force-tlsv12 ca-file /etc/haproxy/ssl_ca_cert.pem no-tlsv11 no-tlsv10 no-sslv3 verify optional

But still, it shows as enabled.

What are we missing here? Let us know if you need the complete config file.

Thanks.

7 posts - 4 participants

Read full topic


Viewing all articles
Browse latest Browse all 4760


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>