On 24.10.22 at 15:50, Aleksandar Lazic wrote:
Hi Roberto.
On 24.10.22 03:21, Roberto Carna wrote:
Dear, I have this scenario:
Internet --> HAproxy Frontend --> HAproxy Backend --> Web servers
What is the config for the frontend of the HAProxy Frontend?
BTW: HAProxy 1.5 isn't maintained any more since 2020-01-10
https://www.haproxy.org/
You can get a more recent version from these repos.
https://github.com/iusrepo?q=hap&type=all&language=&sort=
https://github.com/DBezemer/rpm-haproxy
Thanks in advance, greetings!!!
Regards
Alex
you really should upgrade haproxy.
to configure ssl versions you can set global options (e.g.)
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
in the global section. here i disallow tls v1.0 and v1.1.
you can have a look at
https://mozilla.github.io/server-side-tls/ssl-config-generator/
to get a valid ssl config with ciphers etc.
you have to consider two things:
1) which clients will access your haproxy (frontend). if you have old or legacy browsers or even some applications with
(old java) this will affect the choice of ciphers and protocols.
2) which openssl version is installed on your server and which openssl version will haproxy use. Some old openssl libs
don't support tls v1.2.... (maybe even not v1.1, if it's toooo old)
markus
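
The check below is an added example, not part of the original thread or of HAProxy itself: it reads a configuration and reports, per `bind ... ssl` line, which legacy protocols are still enabled after `ssl-default-bind-options` and the per-bind keywords are combined. It assumes the older behaviour where a protocol is on unless a `no-*` or `force-*` keyword turns it off, it does not handle `ssl-min-ver`/`ssl-max-ver`, and it cannot tell what the linked OpenSSL actually supports; the function names and both sample configs are constructed for illustration.

```python
PROTOCOLS = ["sslv3", "tlsv10", "tlsv11", "tlsv12"]
LEGACY = {"sslv3", "tlsv10", "tlsv11"}
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

def enabled_protocols(options):
    """Protocols left on by a list of no-*/force-* keywords (simplified model)."""
    forced = [o[6:] for o in options if o.startswith("force-") and o[6:] in PROTOCOLS]
    if forced:                      # force-X pins the listener to exactly X
        return {forced[-1]}
    disabled = {o[3:] for o in options if o.startswith("no-")}
    return {p for p in PROTOCOLS if p not in disabled}

def audit(config_text):
    """Map each ssl bind address to the sorted legacy protocols it still accepts."""
    defaults, binds, section = [], [], None
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if not words:
            continue
        if words[0] in SECTIONS:
            section = words[0]
        elif section == "global" and words[0] == "ssl-default-bind-options":
            defaults += words[1:]
        elif words[0] == "bind" and "ssl" in words[2:]:
            binds.append((words[1], words[2:]))
    # Evaluate binds only after the whole file is read, so section order is irrelevant.
    return {addr: sorted(enabled_protocols(defaults + opts) & LEGACY)
            for addr, opts in binds}

# Constructed sample: global options as given in the reply above.
HARDENED = """
global
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
frontend www
    bind *:80
    bind *:443 ssl crt /etc/haproxy/site.pem
"""

# Constructed sample: no global defaults, only SSLv3 disabled on the bind line.
WEAK = """
frontend www
    bind *:8443 ssl crt /etc/haproxy/site.pem no-sslv3   # TLS 1.0/1.1 still on
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        for addr, legacy in audit(cfg).items():
            print(f"{name}: {addr} legacy protocols enabled: {legacy or 'none'}")
```

A clean result only describes the configuration file; confirm what the running listener negotiates with a TLS client against the frontend, since the OpenSSL build decides what is actually available.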