RE: ssl parameters ignored

2015-11-26 Thread Sander Klein
Hi, On 2015-11-26 01:17, Lukas Tribus wrote: Sander, I can't reproduce what you are saying about the actual SSL configuration though; no-sslv3 no-tlsv10 no-tlsv11 works as expected for me (only tlsv1.2 possible). Please double check (curl -kv --tlsv1.1 https://localhost). I must have had a bra

RE: ssl parameters ignored

2015-11-25 Thread Lukas Tribus
Hi, >> root@debianvm:/home/lukas/haproxy-1.6.2# haproxy -f /home/lukas/ssl.cfg -c >> [ALERT] 328/203304 (9873) : SSLv3 support requested but unavailable. >> Configuration file is valid >> root@debianvm:/home/lukas/haproxy-1.6.2# ./haproxy -f /home/lukas/ssl.cfg -c >> Configuration file is valid >

Re: ssl parameters ignored

2015-11-25 Thread Vincent Bernat
❦ 25 November 2015 20:36 +0100, Lukas Tribus : >>> I don't know. I got pre-made packages from "http://haproxy.debian.net >>> jessie-backports-1.6 main" maintained by Vincent Bernat if I'm correct. >> >> I think there's something wrong with that binary. I will try to reproduce >> the problem with

RE: ssl parameters ignored

2015-11-25 Thread Lukas Tribus
Hi, >> I don't know. I got pre-made packages from "http://haproxy.debian.net >> jessie-backports-1.6 main" maintained by Vincent Bernat if I'm correct. > > I think there's something wrong with that binary. I will try to reproduce > the problem with it. Confirmed. The 1.6.2 binary (haproxy) from

RE: ssl parameters ignored

2015-11-25 Thread Lukas Tribus
> On 2015-11-23 22:36, Lukas Tribus wrote: >> Are you sure that the executable was cleanly built (first "make clean", >> only then "make ...")? > > I don't know. I got pre-made packages from "http://haproxy.debian.net > jessie-backports-1.6 main" maintained by Vincent Bernat if I'm correct. I thin

Re: ssl parameters ignored

2015-11-24 Thread Sander Klein
Hi Nenad, On 2015-11-24 16:15, Nenad Merdanovic wrote: Can you post a minimal configuration (or full) which reproduces this? Yes, here it is: global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.soc

Re: ssl parameters ignored

2015-11-24 Thread Nenad Merdanovic
Hello, On 11/24/2015 1:47 PM, Sander Klein wrote: > On 2015-11-23 22:36, Lukas Tribus wrote: >> Can you elaborate what kind of OS we are talking about, and where the >> openssl lib comes from (is it just an openssl-dev package from the >> repository, or a custom build? static or shared?) > > It is

RE: ssl parameters ignored

2015-11-24 Thread Sander Klein
Hi, On 2015-11-23 22:36, Lukas Tribus wrote: Are you sure that the executable was cleanly built (first "make clean", only then "make ...")? I don't know. I got pre-made packages from "http://haproxy.debian.net jessie-backports-1.6 main" maintained by Vincent Bernat if I'm correct. Can you

RE: ssl parameters ignored

2015-11-23 Thread Lukas Tribus
Hi, > When testing this config I get: > > [ALERT] 326/202736 (24201) : SSLv3 support requested but unavailable. > Configuration file is valid > > After testing with ssllabs I also noticed tlsv10 and tlsv11 were still > enabled. Downgrading to haproxy 1.5.14 removes the error when testing > the co

Re: ssl parameters ignored

2015-11-23 Thread Sander Klein
Hey Lukas, On 2015-11-23 21:27, Lukas Tribus wrote: 1.5.15 is probably affected as well (the error above comes from a build fix for libssl that has been backported to 1.5). Heh, didn't notice that release, else I would have tested with that one... Can you provide "haproxy -vv" output of bo

Re: ssl parameters ignored

2015-11-23 Thread Lukas Tribus
Hi Sander, > When testing this config I get: > > [ALERT] 326/202736 (24201) : SSLv3 support requested but unavailable. > Configuration file is valid > > After testing with ssllabs I also noticed tlsv10 and tlsv11 were still > enabled. Downgrading to haproxy 1.5.14 removes the error when testing >

ssl parameters ignored

2015-11-23 Thread Sander Klein
Hi All, I'm running haproxy 1.6.2 and it seems it ignores the values given with ssl-default-bind-options and/or ssl-default-server-options. I have the following in my global conf: ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 ssl-default-bind-ciphers ECDH+AESGCM:DH+AE