Hello,
> Hehe yikes! This was it. It’s normal that someone get’s lost in all > this cipher crap and it should be written in the HaProxy manual as > an important step on how to harden security. Its not a good idea to suggest specific cipher settings in the manual, as the situation may change faster than we are able to update it; especially considering lack of backports to packages in distro repositories. Instead I would suggest to take the advice of trusted sources (as opposed to random blog posts) like Mozilla: https://wiki.mozilla.org/Security/Server_Side_TLS https://mozilla.github.io/server-side-tls/ssl-config-generator/ cheers, lukas