On Wed, 25 Sept 2024 at 10:22, Olivier D <webmas...@ajeux.com> wrote:
>
> Hello everyone,
> Doing a testssl scan on our server, with PFS, the following was returned:
>
>  TLS 1.2 sig_algs offered:    RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 
> RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224 RSA+SHA1
>  TLS 1.3 sig_algs offered:    RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 
> RSA-PSS-RSAE+SHA512
>
> With TLS 1.2 you can see that RSA+SHA1 is available. I was unable to find a
> way to disable it in HAProxy config. Can you point me in the right direction?

sigalgs are documented and their configuration statements are:

client-sigalgs <sigalgs>
sigalgs <sigalgs>
ssl-default-bind-client-sigalgs <sigalgs>
ssl-default-bind-sigalgs <sigalgs>

If you already tried those, please explain what exactly you tried and
how (sigalgs haproxy configuration, versions as per haproxy -vv, etc).


Lukas
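
Added example, not part of the original thread and not HAProxy or testssl code: a small check that parses the two "sig_algs offered" lines from the scan above, reports the SHA1 entries, and builds a candidate ssl-default-bind-sigalgs line to review and rescan against. Assumptions: the value uses OpenSSL's colon-separated sigalgs list syntax, testssl's RSA-PSS-RSAE is spelled RSA-PSS there, and the WEAK_HASHES policy and all function names are this example's own.

```python
import re

# Constructed sample: the testssl lines quoted in the post, with the mail wrapping undone.
SAMPLE = """\
 TLS 1.2 sig_algs offered:    RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224 RSA+SHA1
 TLS 1.3 sig_algs offered:    RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512
"""

WEAK_HASHES = {"MD5", "SHA1"}  # policy of this example, not of HAProxy or testssl
LINE_RE = re.compile(r"^\s*TLS (1\.[23]) sig_algs offered:\s*(.*)$")

def digest_of(alg):
    """Hash part of a 'KEY+HASH' name; names without '+' (e.g. ED25519) have none."""
    return alg.rsplit("+", 1)[1].upper() if "+" in alg else ""

def parse_sigalgs(report):
    """Return {tls_version: [sigalg, ...]} from 'sig_algs offered' lines."""
    offered = {}
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if m:
            offered[m.group(1)] = m.group(2).split()
    return offered

def weak_sigalgs(offered):
    """Return {tls_version: [sigalgs whose hash is in WEAK_HASHES]}."""
    return {v: [a for a in algs if digest_of(a) in WEAK_HASHES]
            for v, algs in offered.items()}

def to_openssl_name(alg):
    """Assumed mapping from the testssl spelling to OpenSSL's KEY+HASH form."""
    return alg.replace("RSA-PSS-RSAE+", "RSA-PSS+", 1)

def suggested_directive(offered):
    """Candidate config line: every offered sigalg except the weak ones, deduplicated."""
    keep = []
    for algs in offered.values():
        for alg in algs:
            name = to_openssl_name(alg)
            if digest_of(alg) not in WEAK_HASHES and name not in keep:
                keep.append(name)
    return "ssl-default-bind-sigalgs " + ":".join(keep)

if __name__ == "__main__":
    offered = parse_sigalgs(SAMPLE)
    print(weak_sigalgs(offered))
    print(suggested_directive(offered))
```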

