Re: Browser using wrong/weak ssl cipher only with haproxy

On Centos, after you update openssl, this is one choice ; .. .. bind 0.0.0.0:443 ssl no-sslv3 crt /etc/ssl/certs/yourkey.pem ciphers

RE: NOSRV/BADREQ from some Java based clients [SSL handshake issue]

Hi, Since we can't even properly connect to s_server, that may be the end of the road for those clients. However, I'm hoping there may be something that could be configured to allow them through HAProxy. Below is a s_server log. Note the read failure at the end. A similar capture in the view

Re: Browser using wrong/weak ssl cipher only with haproxy

Hi, On 21.02.2015 13:45, Dennis Jacobfeuerborn wrote: Hi, I noticed that when I use my browser (latest Firefox) to connect to haproxy then it will select an RC4 based cipher even though better options are available. When I make a connection to e.g. https://www.google.com/ the browser uses

RE: Browser using wrong/weak ssl cipher only with haproxy

When I connect to haproxy the client uses: TLS_ECDHE_RSA_WITH_RC4_128_SHA When I connect to google.com the client uses: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 A part from the RC4 vs AES difference here, which you can probably fix by an appropriate ciphers string, as long as you are using a

Browser using wrong/weak ssl cipher only with haproxy

Hi, I noticed that when I use my browser (latest Firefox) to connect to haproxy then it will select an RC4 based cipher even though better options are available. When I make a connection to e.g. https://www.google.com/ the browser uses the correct cipher instead (stronger and the first in the list