Suggestion for ACL groups

Hi, lately I had to define multiple acls in our pfsense box runnign HaProxy 1.6.x. The challenge was to configure a frontend with multiple URLs as ACLs and also limit IPs to some URLs and some other avaiable to any or a different set of IPs. Example: a_url1 --> host match

AW: Enable SSL Forward Secrecy

Hi Georg, tried this already without effect. - Julian -Ursprüngliche Nachricht- Von: Georg Faerber [mailto:ge...@riseup.net] Gesendet: Mittwoch, 30. August 2017 11:51 An: haproxy@formilux.org Betreff: Re: Enable SSL Forward Secrecy On 17-08-30 09:33:23, Julian Zielke wrote: >

AW: Enable SSL Forward Secrecy

-EDE-CBC-SHA Von: Julian Zielke [mailto:jzie...@next-level-integration.com] Gesendet: Mittwoch, 30. August 2017 12:23 An: Daniel Schneller <daniel.schnel...@centerdevice.com> Cc: Georg Faerber <ge...@riseup.net>; haproxy+h...@formilux.org <haproxy@formilux.org> Betreff: AW:

AW: Enable SSL Forward Secrecy

An: Julian Zielke <jzie...@next-level-integration.com> Cc: haproxy+h...@formilux.org <haproxy@formilux.org> Betreff: Re: Enable SSL Forward Secrecy Hi, You might want to include a link to your Qualys results to help others see what exactly they say. At a casual glance the ciphers looks ok,

AW: Enable SSL Forward Secrecy

. * Julian Von: Daniel Schneller [mailto:daniel.schnel...@centerdevice.com] Gesendet: Mittwoch, 30. August 2017 11:58 An: Julian Zielke <jzie...@next-level-integration.com> Cc: Georg Faerber <ge...@riseup.net>; haproxy+h...@formilux.org <haproxy@formilux.org> Betreff: Re: Enable S

Enable SSL Forward Secrecy

Hi, I'm struggeling with enabling SSL forward secrecy in my haproxy 1.7 setup. So far the global settings look like: tune.ssl.default-dh-param 2048 # tune shared secred to 2048bits ssl-default-bind-options force-tlsv12 no-sslv3 ssl-default-bind-ciphers

AW: Enable SSL Forward Secrecy

* Julian Von: Daniel Schneller [mailto:daniel.schnel...@centerdevice.com] Gesendet: Mittwoch, 30. August 2017 12:21 An: Julian Zielke <jzie...@next-level-integration.com> Cc: Georg Faerber <ge...@riseup.net>; haproxy+h...@formilux.org <haproxy@formilux.org> Betreff: Re: Enable S

AW: Enable SSL Forward Secrecy

An: Julian Zielke <jzie...@next-level-integration.com> Cc: Georg Faerber <ge...@riseup.net>; haproxy+h...@formilux.org <haproxy@formilux.org> Betreff: Re: Enable SSL Forward Secrecy Well, that’s quite extensive. But still, the server at portal-vonovia.next-level-apps

AW: Enable SSL Forward Secrecy

...@centerdevice.com] Gesendet: Mittwoch, 30. August 2017 15:54 An: Cyril Bonté <cyril.bo...@free.fr> Cc: Julian Zielke <jzie...@next-level-integration.com>; haproxy+h...@formilux.org <haproxy@formilux.org> Betreff: Re: Enable SSL Forward Secrecy Darn! Looking at the “openssl cipher

AW: Enable SSL Forward Secrecy

Hi Cyril, tired it without success. Maybe HaProxy isn't just capable of doing this. Julian -Ursprüngliche Nachricht- Von: Cyril Bonté [mailto:cyril.bo...@free.fr] Gesendet: Mittwoch, 30. August 2017 14:49 An: Julian Zielke <jzie...@next-level-integration.com> Cc: haproxy@formil