On Wed, May 20, 2015 at 9:39 AM, Amol <[email protected]> wrote: > Thanks you for responding and i wanted to share some more from my findings > > when i set > *ssl-default-bind-options no-sslv3 force-tlsv12* > > $ sudo vi /etc/haproxy/haproxy.cfg > :~$ sudo /etc/init.d/haproxy restart > * Restarting haproxy > haproxy > [ALERT] 139/122930 (8602) : parsing [/etc/haproxy/haproxy.cfg:22] : > 'ssl-default-bind-options' 'force-tlsv12': library does not support > protocol TLSv1.2 > [ALERT] 139/122930 (8602) : Error(s) found in configuration file : > /etc/haproxy/haproxy.cfg > [ALERT] 139/122930 (8602) : Fatal errors found in configuration. >
Yes, it sounds like your openssl lib must be pretty old or is oddly configured. What does "haproxy -vv" and "openssl version" report? You can see a list of supported ciphers and protocols using "openssl ciphers -v" as well. -Bryan
