hi,
i am just in the process of reviewing/correcting/hardening my ssl setup.
haproxy uses ssl-termination on the frontend. this works very well.
i also use ssl on the backand - due to the setup of our application and apache
config - this also works very well.
when i run a ssl check with
❦ 23 juin 2014 18:14 +0200, Markus Rietzler w...@mrietzler.de :
to switch off tls compression (because of beast/crime attack) with tls
v1.0 and compression. can i deactivate it in haproxy too?
haproxy disables SSL compression and there is no flag to enable
it. However, disabling SSL
one.
haproxy disables SSL compression and there is no flag to enable
it. However, disabling SSL compression is not available in OpenSSL
0.9.8. Which version of OpenSSL are you using?
Please have a look at
http://blog.haproxy.com/2013/01/21/mitigating-the-ssl-beast-attack-using-the-aloha-load
3 matches
Mail list logo