On Wed, 25 Sept 2024 at 10:22, Olivier D <webmas...@ajeux.com> wrote:
>
> Hello everyone,
> Doing a testssl scan on our server, with PFS, the following was returned:
>
> TLS 1.2 sig_algs offered: RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384
> RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224 RSA+SHA1
> TLS 1.3 sig_algs offered: RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384
> RSA-PSS-RSAE+SHA512
>
> With TLS 1.2 you can see that RSA+SHA1 is available. I was unable to find a
> way to disable it in HAProxy config. Can you point me in the right direction?

sigalgs are documented and their configuration statements are:

client-sigalgs <sigalgs>
sigalgs <sigalgs>
ssl-default-bind-client-sigalgs <sigalgs>
ssl-default-bind-sigalgs <sigalgs>

If you already tried those, please explain what exactly you tried and how
(sigalgs haproxy configuration, versions as per haproxy -vv, etc).

Lukas
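
An added example, not part of either message and not HAProxy project code: it takes the TLS 1.2 line from the scan quoted above, drops every entry that uses a weak hash, and emits a value for the ssl-default-bind-sigalgs statement listed in the reply. It assumes the value is a colon-separated OpenSSL signature-algorithm list and that testssl's RSA-PSS-RSAE+SHA256 style tokens correspond to OpenSSL's rsa_pss_rsae_sha256 style names; the function names are hypothetical.

```python
import re

# Constructed sample: the TLS 1.2 line from the testssl output quoted above.
SCAN_LINE = (
    "TLS 1.2 sig_algs offered: RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 "
    "RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224 RSA+SHA1"
)

# Hashes to remove from the offered list. The thread only asks about SHA1;
# MD5 is included so the filter also catches older stacks.
WEAK_HASHES = {"SHA1", "MD5"}


def parse_offered(line):
    """Return the SIG+HASH tokens from a testssl 'sig_algs offered' line."""
    m = re.search(r"sig_algs offered:\s*(.*)$", line)
    if not m:
        raise ValueError("not a testssl sig_algs line")
    return m.group(1).split()


def to_openssl_name(token):
    """Translate a testssl token into a name for an OpenSSL sigalgs list.

    Assumption: RSA-PSS-RSAE+SHA256 -> rsa_pss_rsae_sha256 (TLS 1.3 scheme
    name); SIG+HASH tokens such as RSA+SHA256 are passed through unchanged.
    """
    sig, _, digest = token.partition("+")
    if not digest:                      # e.g. Ed25519 has no separate hash
        return token.lower()
    if sig.upper().startswith("RSA-PSS-"):
        return f"{sig.lower().replace('-', '_')}_{digest.lower()}"
    return token


def hardened_sigalgs(line, weak=WEAK_HASHES):
    """Colon-separated list of the offered algorithms minus weak hashes."""
    kept = [t for t in parse_offered(line)
            if t.partition("+")[2].upper() not in weak]
    if not kept:
        raise ValueError("every offered algorithm uses a weak hash")
    return ":".join(to_openssl_name(t) for t in kept)


def haproxy_directive(line):
    """Line for the global section, using a statement named in the reply."""
    return "ssl-default-bind-sigalgs " + hardened_sigalgs(line)


if __name__ == "__main__":
    print(haproxy_directive(SCAN_LINE))
```

After reloading HAProxy with the generated line, rerunning the same testssl scan should show a TLS 1.2 list without RSA+SHA1.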