Hi,
I noticed that when I use my browser (latest Firefox) to connect to
haproxy then it will select an RC4 based cipher even though better
options are available. When I make a connection to e.g.
https://www.google.com/ the browser uses the correct cipher instead
(stronger and the first in the list provided by the server).

Both my haproxy and google.com advertise the exact same cipher list:

        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
        TLS_ECDHE_RSA_WITH_RC4_128_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5

The cipher options I'm using in the haproxy config are:

        ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM no-sslv3

When I connect to haproxy the client uses:
TLS_ECDHE_RSA_WITH_RC4_128_SHA

When I connect to google.com the client uses:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

According to https://www.ssllabs.com/ssltest/viewMyClient.html the
browser supports:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy   128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   (0xc02f)   Forward Secrecy   128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    (0xc00a)   Forward Secrecy   256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    (0xc009)   Forward Secrecy   128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      (0xc013)   Forward Secrecy   128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      (0xc014)   Forward Secrecy   256
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        (0xc007)   WEAK              128
TLS_ECDHE_RSA_WITH_RC4_128_SHA          (0xc011)   WEAK              128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA        (0x33)     Forward Secrecy   128
TLS_DHE_DSS_WITH_AES_128_CBC_SHA        (0x32)     Forward Secrecy   128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA        (0x39)     Forward Secrecy   256
TLS_RSA_WITH_AES_128_CBC_SHA            (0x2f)                       128
TLS_RSA_WITH_AES_256_CBC_SHA            (0x35)                       256
TLS_RSA_WITH_3DES_EDE_CBC_SHA           (0xa)                        112
TLS_RSA_WITH_RC4_128_SHA                (0x5)      WEAK              128
TLS_RSA_WITH_RC4_128_MD5                (0x4)      WEAK              128

So my question is why isn't the connection to haproxy using the
better and advertised cipher? Is there an additional setting that needs
to be made to make this work as expected?

Regards,
  Dennis
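To see why the posted configuration lands on RC4, here is an added Python model of OpenSSL-style cipher negotiation (not haproxy's or OpenSSL's code): the expanded server list is a hand-written approximation of what the posted cipher string produces, and an RSA server certificate is assumed.

```python
# OpenSSL cipher name -> IANA suite name for the suites this example uses.
OPENSSL_TO_IANA = {
    "ECDHE-RSA-AES256-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "AES256-SHA256": "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "ECDHE-ECDSA-RC4-SHA": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    "ECDHE-RSA-RC4-SHA": "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "RC4-SHA": "TLS_RSA_WITH_RC4_128_SHA",
    "ECDHE-RSA-AES128-GCM-SHA256": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "ECDHE-RSA-AES256-SHA": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "ECDHE-RSA-AES128-SHA": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "AES256-SHA": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "AES128-SHA": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "DES-CBC3-SHA": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

# Firefox's offer, in the order the post lists it.
CLIENT_OFFER = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_MD5",
]

# Hand-written approximation of OpenSSL's expansion of the posted string (the two
# named suites, then RC4 minus MD5, then HIGH minus DH/EDH/AESGCM); check yours with
# `openssl ciphers -v '<string>'`. Note that RC4 is ranked above every HIGH suite.
POSTED_SERVER_LIST = [
    "ECDHE-RSA-AES256-SHA384", "AES256-SHA256",             # Firefox does not offer these
    "ECDHE-ECDSA-RC4-SHA", "ECDHE-RSA-RC4-SHA", "RC4-SHA",  # first mutual match is RC4
    "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-SHA",
    "AES256-SHA", "AES128-SHA", "DES-CBC3-SHA",
]

# Same building blocks with AES-GCM allowed, ECDHE first and RC4 dropped.
HARDENED_SERVER_LIST = [
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-SHA",
    "AES256-SHA", "AES128-SHA",
]

def negotiate(server_list, client_offer, cert="RSA", server_prefers=True):
    """Return the IANA name of the suite the server would pick, or None.
    haproxy applies the server's order by default (prefer-client-ciphers flips it)."""
    def fits(c):  # ECDHE-ECDSA needs an ECDSA certificate; the rest here need RSA
        return (cert == "ECDSA") == ("ECDSA" in c)
    usable = [OPENSSL_TO_IANA[c] for c in server_list if fits(c)]
    first, second = (usable, client_offer) if server_prefers else (client_offer, usable)
    return next((s for s in first if s in set(second)), None)
```

With the posted list the model picks TLS_ECDHE_RSA_WITH_RC4_128_SHA, exactly what the browser reported; google.com's ECDSA-GCM pick additionally depends on it serving an ECDSA certificate, which an RSA-keyed haproxy cannot reproduce.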
