I agree that it would be nice to avoid duplicating this in many different bind sections. Having to repeat a fairly long and ugly line does make the config harder to read.
bind 1.2.3.4:443 ssl crt a.b.c.cert crt /etc/haproxy/cert/ ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:RC4-SHA:RC4-MD5:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:SRP-RSA-3DES-EDE-CBC-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES128-SHA -Bryan On Thu, Jun 20, 2013 at 8:31 AM, Erwin Schliske <[email protected] > wrote: > Hello, > > is it possible to set our preferred ciphers in defaults section? > Background is that we set as in > http://blog.exceliance.fr/2013/01/21/mitigating-the-ssl-beast-attack-using-the-aloha-load-balancer-haproxy/described > alternative ciphers to be secured against BEAST. > > It would be great not to set this for every listen in the config. > > Thanks. > > Regards, > Erwin > > > >
