Hello,
currently i use haproxy 2.4 18 on Ubuntu 22.04 and openssl 3.0.2
For an internal application we use a haproxy cluster as failoversystem. i try to reenable TLS 1.0 & TLS 1.1 in haproxy. I know this is generally a bad idea, because every modern application should be able to talk TLS 1.2 & TLS 1.3, but we have a specific financial application in inttranet which is doing a run through haproxy and now is not able to make ssl handshake anymore.
I tried to reenable TLS 1.0 & TLS 1.1 with usual configuration options like ssl-min-ver or even force-tlsv10, but nothing works. TLS 1.0 & TLS 1.1 are not offered in ssl handshake.
I read some posts that with openssl 3.0.1 TLS1.0 & TLS 1.1 were moved to different SECLEVEL, but every change i do in my haproxy.cfg has no effect.
haproxy tells that config file is valid and also it tells that “OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3” is available, but it has no practical effect.
Is there anybody who has a working configuration to reeneble TLS 1.0 & TLS 1.1 or some other hints to solve my problem?
Thanks,
Hans
4 posts - 2 participants