The haproxy.cfg has min support of TLS version 1.2 and a set of specific ciphers e.g. “ECDHE-RSA-AES256-GCM-SHA384” to be allowed for communication.
When i run the following command:
openssl s_client -connect <> | grep secret
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = countrycode, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = countrycode, ST = stateName, L = locationName, O = organizationname, CN = domainname
verify return:1
Extended master secret: no
Do we know where this setting is there in haproxy to enable this “Extended Master Secret” key to yes or is it something relevant to openssl.
1 post - 1 participant