>>> We need to check how haproxy 1.5 ssl-hello-chk behaves, if it's
>>> still SSLv3 only, it would probably be a good time to upgrade this
>>> to TLS (at least v1.0).
>>>
>>> Enable SSLv3 on your server or disable ssl-hello-chk to work around
>>> the issue.
>>>
>>
>> It is, though I would rather add an additional keyword, so like
>> 'ssl-hello-chk tls' would activate TLS1.0
>
> Agreed, that way we can backport it to v1.5.

I was thinking, do we really need this? If one builds 1.5 with openssl, we
can use a real TLS transport layer, by specifying check-ssl on the server
line (not check ssl) and that should fix the problem already?

TCP forwarding should still be possible even with check-ssl.



Lukas
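
The two health-check styles discussed in this message, side by side, as an added example that is not part of the original thread. Backend names, server names, addresses and timeouts are constructed, and the second backend assumes HAProxy 1.5 built with OpenSSL support.

```haproxy
# Constructed example: backend/server names and 192.0.2.x addresses are placeholders.
defaults
    mode tcp                      # plain TCP forwarding, TLS is not terminated here
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Legacy check: after the TCP connect, HAProxy sends a fixed SSLv3 client
# hello and waits for a server hello. A server with SSLv3 disabled rejects
# the check and is marked DOWN even though it serves TLS normally.
backend tls_passthrough_hello_chk
    option ssl-hello-chk
    server app1 192.0.2.10:443 check

# check-ssl: the health check runs over a real OpenSSL transport layer, so
# the protocol version is negotiated with the server instead of being a
# hard-coded SSLv3 hello. There is no "ssl" keyword on the server line, so
# forwarded client traffic is still passed through as raw TCP.
backend tls_passthrough_check_ssl
    # "verify none" skips certificate validation for the check handshake only.
    # To validate the server certificate during checks, use
    # "verify required ca-file <path>" instead (path left as a placeholder).
    server app1 192.0.2.10:443 check check-ssl verify none
```

With `check-ssl`, the SSL settings on the server line (such as `verify` and `ciphers`) apply to the health check, so the check can be restricted to the same protocol policy expected of the backend.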

                                          
