Hello everyone, Doing a testssl scan on our server, with PFS, the following was returned :
TLS 1.2 sig_algs offered: RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224 RSA+SHA1 TLS 1.3 sig_algs offered: RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 With TLS 1.2 you can see that RSA+SHA1 is available. I was unable to find a way to disable it in HAProxy config. Can you point me to the right direction ? A way to reproduce it : openssl s_client -tls1_2 -sigalgs "RSA+SHA1 " -connect X.X.X.X:443 Thanks, Olivier
