While going through the Qualys SSL test
(https://www.ssllabs.com/ssltest), one of the items it mentions is a DoS
vulnerability with regard to client-side initiated SSL renegotiation
(https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks).
While researching the subject, it seems that the only reliable way to
mitigate the issue is in the server software. Apache has implemented
code to disable renegotiation. Would it be possible to add an option in
haproxy to disable it?

-Patrick
