Am Fr., 12. Juni 2020 um 15:24 Uhr schrieb Lukas Tribus <li...@ltri.eu>:
> Hello Bjoern, > > > On Fri, 12 Jun 2020 at 15:09, bjun...@gmail.com <bjun...@gmail.com> wrote: > > > > Hi, > > > > currently i'm testing Ubuntu 20.04 and HAProxy 2.0.14. > > > > I'm trying to get TLSv1 working (we need this for some legacy clients), > so far without success. > > > > I've read different things, on the one hand Ubuntu has removed > TLSv1/TLSv1.1 support completely, otherwise that it can be enabled: > http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.1.1f-1ubuntu2/changelog > > > > Is there anything that can be set in HAProxy? (apart from > "ssl-default-bind-options ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.2") > > > > Has anybody more information on this matter or has TLSv1 working in > Ubuntu 20.04 + HAProxy? > > > Please try "force-tlsv10" *directly* on the bind line (not from > ssl-default-bind-options). > > There are two issues: > > Bug 595 [1]: ssl-min-ver does not work from ssl-default-bind-options > Bug 676 [2]: ssl-min-ver does not work properly depending on OS defaults > > If force-tlsv10 works directly on the bind line to enable TLSv1.0, > then the next release 2.0.15 should work fine as it contains both > fixes. > > > > Regards, > > Lukas > > > [1] https://github.com/haproxy/haproxy/issues/595 > [2] https://github.com/haproxy/haproxy/issues/676 Hi Lukas, "force-tlsv10" directly on the bind line doesn't work (i've also tried in "ssl-default-bind-options", same result). Best regards / Mit freundlichen Grüßen Bjoern
