> In HAProxy, this flag is currently statically disabled by default in > src/ssl_sock.c line 2539. Thus, when used with older OpenSSL versions > than 1.0.1r or 1.0.2f, users could be vulnerable.
I don't see it. Can you please elaborate what exact commit ID your are
refering to?
As far as I an see we do the exact opossite of what you are saying
(enabling SSL_OP_SINGLE_DH_USE unconditionally).
Lukas
