> When I connect to haproxy the client uses:
> TLS_ECDHE_RSA_WITH_RC4_128_SHA
>
> When I connect to google.com the client uses:
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

Apart from the RC4 vs AES difference here, which you can
probably fix by an appropriate ciphers string, as long as you
are using a recent openssl release, the difference between
RSA and ECDSA depends on the certificate. Google front-end
server will serve an ECC certificate, if the browser supports it,
and an RSA certificate otherwise.

In other words, you can only connect using ECDSA if you have
an ECC certificate, not an RSA certificate.

And since you can hardly only use ECC for compatibility reasons
and haproxy (as well as nginx) can't really do ECC and RSA, you
will have to stick to RSA certificates for now.


Lukas
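
The dependency described in the reply above, as an added example that is not part of the original message and is not haproxy or OpenSSL code: a simplified model of TLS 1.2 suite selection in which the server picks the first suite in its own preference order that the client offers and that matches an installed certificate key type. The function names, the preference lists and the client offers are constructed for illustration.

```python
import re

def parse_suite(name):
    """Split a TLS 1.2 IANA suite name into (key_exchange, auth, cipher)."""
    m = re.fullmatch(r"TLS_(.+)_WITH_(.+)", name)
    if not m:
        raise ValueError(f"not a TLS 1.2 suite name: {name}")
    kx_auth = m.group(1).split("_")
    kx = kx_auth[0]
    auth = kx_auth[1] if len(kx_auth) > 1 else kx_auth[0]  # TLS_RSA_WITH_*: RSA does both
    cipher = m.group(2).rsplit("_", 1)[0]                   # drop trailing MAC/PRF hash
    return kx, auth, cipher

def negotiate(client_offer, server_pref, cert_key_types):
    """First suite in server order that the client offers and whose
    authentication algorithm matches an installed certificate key type."""
    offered = set(client_offer)
    for suite in server_pref:
        if suite in offered and parse_suite(suite)[1] in cert_key_types:
            return suite
    return None  # no usable common suite: the handshake fails

def uses_rc4(suite):
    return parse_suite(suite)[2].startswith("RC4")

# Constructed sample data (assumptions, not taken from the thread's servers).
MODERN_CLIENT = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
]
RSA_ONLY_CLIENT = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA"]
PREF_RC4_FIRST = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                  "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
                  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                  "TLS_RSA_WITH_AES_128_CBC_SHA"]
PREF_AEAD_FIRST = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                   "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                   "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    for label, client, pref, certs in [
        ("RSA cert, RC4 ranked early", MODERN_CLIENT, PREF_RC4_FIRST, {"RSA"}),
        ("RSA cert, ciphers reordered", MODERN_CLIENT, PREF_AEAD_FIRST, {"RSA"}),
        ("ECC cert, modern client", MODERN_CLIENT, PREF_AEAD_FIRST, {"ECDSA"}),
        ("ECC cert, RSA-only client", RSA_ONLY_CLIENT, PREF_AEAD_FIRST, {"ECDSA"}),
    ]:
        print(f"{label}: {negotiate(client, pref, certs)}")
```

The ECDSA suite at the top of the server list is skipped whenever only an RSA certificate is installed, and an ECC-only server leaves the RSA-only client with no suite at all.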

                                          
