hi, i am just in the process of reviewing/correcting/hardening my ssl setup.
haproxy uses ssl-termination on the frontend. this works very well. i also use ssl on the backand - due to the setup of our application and apache config - this also works very well. when i run a ssl check with globalsign or ssllabs i get a warning about CRIME/BEAST (in tls v 1.0) in apache i can use #don't use sslcompression, its unsecure SSLCompression off to switch off tls compression (because of beast/crime attack) with tls v1.0 and compression. can i deactivate it in haproxy too? thanxs markus
