Hello List,

Since HAProxy 1.8, the minimum default TLS version for bind lines has been
TLSv10. I was thinking of increasing this minimum default to TLSv11 before
the 2.2 release. But when we discussed setting the DH param to 2048 by
default the other day, I read that RHEL 8 was also disabling TLSv11 by
default. TLSv12 has now existed for 12 years and is widespread nowadays.

So in my opinion we should do the same, and set the minimum version to
TLSv12 by default on bind lines. It's still configurable with
min-ssl-ver if you want support for prior TLS versions.

Does anybody have any objections?

-- 
William Lallemand
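
Added example, not part of the original message or the HAProxy project's code: a small Python audit that lists the TLS `bind` lines whose effective minimum version is below TLSv1.2, and whether that minimum comes from the bind line, from `ssl-default-bind-options` in `global`, or from the built-in default discussed above. It uses the `ssl-min-ver` keyword and `TLSv1.x` value spellings from HAProxy's configuration manual; the sample configuration, its paths, and the simplified parsing (no `force-tlsv*`/`no-tlsv*` options, no crt-list overrides) are assumptions.

```python
ORDER = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

def _min_ver(tokens):
    """Value following ssl-min-ver in a token list, or None if absent."""
    if "ssl-min-ver" in tokens[:-1]:
        return tokens[tokens.index("ssl-min-ver") + 1]
    return None

def audit(cfg_text, builtin_default="TLSv1.0", floor="TLSv1.2"):
    """Return [(section, address, effective_min, source)] for TLS binds below floor."""
    lines, section = [], None
    for raw in cfg_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # simplification: '#' always starts a comment
        if tokens and tokens[0] in SECTIONS:
            section = " ".join(tokens[:2])
        elif tokens:
            lines.append((section, tokens))
    # A global ssl-default-bind-options replaces the built-in default for every bind.
    global_min = None
    for section, tokens in lines:
        if section == "global" and tokens[0] == "ssl-default-bind-options":
            global_min = _min_ver(tokens) or global_min
    findings = []
    for section, tokens in lines:
        if tokens[0] != "bind" or "ssl" not in tokens[2:]:
            continue  # not a TLS listener
        # The first setting that is present wins: bind line, then global, then built-in.
        candidates = [(_min_ver(tokens), "bind line"), (global_min, "global"),
                      (builtin_default, "built-in default")]
        effective, source = next(c for c in candidates if c[0])
        if ORDER.index(effective) < ORDER.index(floor):
            findings.append((section, tokens[1], effective, source))
    return findings

# Constructed sample configuration (hypothetical frontends and certificate paths).
SAMPLE = """\
global
    maxconn 2000
frontend www
    bind :443 ssl crt /etc/haproxy/www.pem
frontend legacy
    bind :8443 ssl crt /etc/haproxy/legacy.pem ssl-min-ver TLSv1.1
frontend api
    bind :9443 ssl crt /etc/haproxy/api.pem ssl-min-ver TLSv1.2
    bind :8080
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Calling `audit(cfg, builtin_default="TLSv1.2")` shows what stays below the floor once the default changes: only listeners that explicitly pin an older version.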
