Hi Galit,
> I want to emphasize that the following test succeeded: > > [root@proxy-au51 ~]# openssl s_client -connect 10.106.75.53:50443 -tls1 > > CONNECTED(00000003) Ok. > Built with OpenSSL version : OpenSSL 0.9.8b 04 May 2006 > Running on OpenSSL version : OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 I don't like this. build against an older non-fips 0.9.8b while running with 0.9.8e-fips. This could be very well cause issues here. Let me guess, RPMs have not been installed via the original repository, but via third party RPM website from Google, right? Thats not good. > Should I just add to haproxy.cfg the following? > force-tlsv10 Yes, you can try: global ssl-default-server-options no-sslv3 or: global ssl-default-server-options force-tlsv10 But I'm afraid it may be more complex than that ... Regards, Lukas