On Thu, Nov 01, 2012 at 06:23:08PM +0100, [email protected] wrote:
> Possibly a numpty question..but anyway..
> Using 1.5dev12 (build 20121023) 
> Is there any way I can config haproxy to pick up the SSL protocol version
> that has been negotiated between server and client. So that if say the best a
> client can negotiate is something lower than TLS1.0, then I can send them off
> to a page telling them to upgrade? Thanks in advance..

Yes, you can use the "ssl_fc_protocol" ACL which retrieves the protocol
and version used on the front connection. It returns the same string
as can be found in "man SSL_get_version".

For instance, you could do this:

     use_backend too_old if !{ ssl_fc_protocol TLSv1 }

Regards,
Willy
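
The rule from the reply placed in a complete frontend/backend layout, as an added example that is not part of the original message or of the HAProxy documentation. HAProxy compares string ACL patterns exactly and SSL_get_version reports "TLSv1", "TLSv1.1" and "TLSv1.2" as distinct strings, so this version lists every accepted protocol by name. The section names, certificate path, server address and error file path are assumptions.

```haproxy
# Added example. All names, paths and addresses are assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_in
    # Hypothetical PEM bundle holding the certificate and its private key.
    bind :443 ssl crt /etc/haproxy/certs/site.pem

    # ssl_fc_protocol returns the SSL_get_version string for the client
    # connection. Patterns are matched exactly and several patterns on one
    # line are ORed, so each accepted version is named explicitly. Which of
    # these can actually be negotiated depends on the OpenSSL build in use.
    acl tls_ok ssl_fc_protocol TLSv1 TLSv1.1 TLSv1.2 TLSv1.3

    # Anything else (for example "SSLv3") is sent to the upgrade notice.
    use_backend too_old if !tls_ok
    default_backend app

backend app
    # Hypothetical application server.
    server app1 192.0.2.10:8080 check

backend too_old
    # No servers are declared, so every request produces a 503. The file
    # (hypothetical path) must contain a full HTTP response, headers
    # included, carrying the "please upgrade" page.
    errorfile 503 /etc/haproxy/errors/upgrade.http
```

The ACL is evaluated only after the handshake has completed, so the older protocol version has to remain enabled on the bind line for those clients to reach the upgrade page at all.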

