On Fri, Jan 26, 2018 at 01:26:35AM +1100, Igor Cicimov wrote: > Or you meant using the haproxy 16.04 image actually. Ok, another option is > to compile it myself with the openssl version I have atm.
What mostly matters is the version used to *build* haproxy, because some features have to be known at build time. If you pick an haproxy package made for a more recent distro using 1.0.2 or later, it will enable ALPN. Whether or not it will work on your current distro with your locally rebuilt openssl is a big question of course. You should definitely avoid building openssl yourself, it's the best way to forget about upgrading it when a vulnerability is disclosed. However if you're already doing it for other reasons it's different and then maybe you can build your own haproxy with this openssl version. But as Lukas said, the easiest solution is to upgrade the distro :-) Willy