Note that you can also log the information as well: http://blog.exceliance.fr/2012/10/29/haproxy-log-customization/
(check examples at the bottom of the article) cheers On Thu, Nov 1, 2012 at 7:37 PM, Willy Tarreau <[email protected]> wrote: > On Thu, Nov 01, 2012 at 06:23:08PM +0100, [email protected] wrote: >> Possibly a numpty question..but anyway.. >> Using 1.5dev12 (build 20121023) >> Is there any way I can config haproxy to pick up the SSL protocol version >> that has been negotiated between server and client. So that if say the best a >> client can negotiate is something lower than TLS1.0, then I can send them off >> to a page telling them to upgrade? Thanks in advance.. > > Yes you can use the "ssl_fc_protocol" ACL which retrieves the protocol > and version used on the front connection. It returns the same string > as can be found in "man SSL_get_version". > > For instance, you could do this : > > use_backend too_old if !{ ssl_fc_protocol TLSv1 } > > Regards, > Willy > >
