Hi Galit,


> I want to emphasize that the following test succeeded: 
> 
> [root@proxy-au51 ~]# openssl s_client -connect 10.106.75.53:50443 -tls1 
> 
> CONNECTED(00000003) 

Ok.



> Built with OpenSSL version : OpenSSL 0.9.8b 04 May 2006
> Running on OpenSSL version : OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

I don't like this. Built against an older non-fips 0.9.8b while running
with 0.9.8e-fips. This could very well cause issues here.

Let me guess, RPMs have not been installed via the original repository,
but via a third-party RPM website from Google, right? That's not good.



> Should I just add to haproxy.cfg the following? 
> force-tlsv10 

Yes, you can try:

global
 ssl-default-server-options no-sslv3

or:
global
 ssl-default-server-options force-tlsv10


But I'm afraid it may be more complex than that ...



Regards,

Lukas
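
Added example (not part of Lukas's message and not HAProxy project code): a shell check that reads `haproxy -vv` output and reports when the "Built with" and "Running on" OpenSSL lines differ in base version or FIPS status, as in the output quoted above. The function names and result strings are assumptions made for this illustration.

```shell
#!/bin/sh
# Usage on a real host: haproxy -vv | check_openssl_mismatch

# Print the value of a "<label> OpenSSL version : <value>" line from stdin.
openssl_line() {
    # $1 is "Built with" or "Running on"
    sed -n "s/^ *$1 OpenSSL version *: *//p" | head -n 1
}

# Reads `haproxy -vv` output on stdin and prints one of:
#   MATCH, MISMATCH version, MISMATCH fips, MISMATCH version fips, UNKNOWN
check_openssl_mismatch() {
    input=$(cat)
    built=$(printf '%s\n' "$input" | openssl_line "Built with")
    running=$(printf '%s\n' "$input" | openssl_line "Running on")
    if [ -z "$built" ] || [ -z "$running" ]; then
        echo "UNKNOWN"      # one or both lines missing (no SSL support?)
        return 0
    fi
    # Second field is the version token, e.g. 0.9.8b or 0.9.8e-fips-rhel5.
    bver=$(printf '%s\n' "$built" | awk '{print $2}')
    rver=$(printf '%s\n' "$running" | awk '{print $2}')
    result=""
    # Compare base versions with any vendor/FIPS suffix stripped.
    [ "${bver%%-*}" = "${rver%%-*}" ] || result="version"
    # Compare FIPS status separately: a FIPS runtime under a non-FIPS build
    # is worth flagging even when the base version is identical.
    bfips=no; rfips=no
    case "$bver" in *fips*) bfips=yes ;; esac
    case "$rver" in *fips*) rfips=yes ;; esac
    [ "$bfips" = "$rfips" ] || result="${result:+$result }fips"
    if [ -n "$result" ]; then
        echo "MISMATCH $result"
    else
        echo "MATCH"
    fi
}

# The two lines quoted in this thread, used as sample input.
sample_haproxy_vv() {
    echo "Built with OpenSSL version : OpenSSL 0.9.8b 04 May 2006"
    echo "Running on OpenSSL version : OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008"
}

sample_haproxy_vv | check_openssl_mismatch
```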

                                          
