> is there any sensible reason that value of ssloptions is hardcoded > instead of passed with config (ie. similiary to > ssl-default-bind-ciphers)? > > i'd like to add NO_SSLv3 which is apparently not in 1.5.6 and in future > it may be likely to add some other options to avoid openssl bugs in > production...
I'm not sure I understand what you mean. You can disable SSLv3 among other things just fine in haproxy 1.5: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#no-sslv3%20%28Bind%20options%29 Lukas
