@jtl wrote:
Server: HAProxy 1.7.5 in HTTP/SSL termination mode.
The problem is SSL sites behind my HAProxy load balancer are able to be connected to with Chrome/Firefox/Internet Explorer on Windows OSX and Linux (for the first two). But I’m unable to connect to said sites when using an OS X or iOS client with Safari.
I can connect to http sites terminated at my load balancer from Safari/iOS just fine, just not https sites.
I’m using SSL configuration parameters derived from the Mozilla TLS configuration tool, but have tried weaking them with no success.
ssl-dh-param-file /etc/ssl/dhparam.pem ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-ticketsI get an A result on dev.ssllabs.com so that’s not an issue, per se, but it is something between my SSL setup and something Safari doesn’t like.
Any help is appreciated.
Thanks
Posts: 1
Participants: 1