@free.fr>;
haproxy+h...@formilux.org <haproxy@formilux.org>
Subject: Re: Enable SSL Forward Secrecy
On Fri, Sep 01, 2017 at 07:37:50PM +0200, Daniel Schneller wrote:
> Hi,
>
> inspired by this, I added a paragraph with links to the documentation.
> Small patch attached.
Cool, thank
On Fri, Sep 01, 2017 at 07:37:50PM +0200, Daniel Schneller wrote:
> Hi,
>
> inspired by this, I added a paragraph with links to the documentation.
> Small patch attached.
Cool, thanks Daniel, now applied.
Willy
Hi,inspired by this, I added a paragraph with links to the documentation.Small patch attached.Cheers,Daniel
0001-DOC-Refer-to-Mozilla-TLS-info-config-generator.patch
Description: Binary data
-- Daniel SchnellerPrincipal Cloud Engineer CenterDevice GmbH | Hochstraße 11
On Fri, Sep 01, 2017 at 07:04:36PM +0200, Willy Tarreau wrote:
> Hi Cyril,
s/Cyril/Lukas, sorry guys, that's what happens when I read one e-mail
and reply to another one at the same time :-)
Willy
Hi Cyril,
On Wed, Aug 30, 2017 at 06:55:07PM +0200, Lukas Tribus wrote:
> Hello,
>
>
> > Hehe yikes! This was it. It's normal that someone get's lost in all
> > this cipher crap and it should be written in the HaProxy manual as
> > an important step on how to harden security.
>
> Its not a
Hello,
> Hehe yikes! This was it. It’s normal that someone get’s lost in all
> this cipher crap and it should be written in the HaProxy manual as
> an important step on how to harden security.
Its not a good idea to suggest specific cipher settings in the manual, as
the situation may change
...@centerdevice.com]
Gesendet: Mittwoch, 30. August 2017 15:54
An: Cyril Bonté <cyril.bo...@free.fr>
Cc: Julian Zielke <jzie...@next-level-integration.com>;
haproxy+h...@formilux.org <haproxy@formilux.org>
Betreff: Re: Enable SSL Forward Secrecy
Darn! Looking at the “openssl cipher
Cc: haproxy@formilux.org
>> Envoyé: Mercredi 30 Août 2017 15:11:47
>> Objet: AW: Enable SSL Forward Secrecy
>>
>> Hi Cyril,
>>
>> tired it without success. Maybe HaProxy isn't just capable of doing
>> this.
>
> Oh well, indeed the "!kECDHE"
> De: "Julian Zielke" <jzie...@next-level-integration.com>
> À: "Cyril Bonté" <cyril.bo...@free.fr>
> Cc: haproxy@formilux.org
> Envoyé: Mercredi 30 Août 2017 15:11:47
> Objet: AW: Enable SSL Forward Secrecy
>
> Hi Cyril,
>
> tired it
ux.org
Betreff: Re: Enable SSL Forward Secrecy
Hi Julian,
> De: "Julian Zielke" <jzie...@next-level-integration.com>
> Hi,
>
> I’m struggeling with enabling SSL forward secrecy in my haproxy 1.7
> setup.
>
> So far the global settings look like:
>
> tu
Hi Julian,
> De: "Julian Zielke"
> Hi,
>
> I’m struggeling with enabling SSL forward secrecy in my haproxy 1.7
> setup.
>
> So far the global settings look like:
>
> tune.ssl.default-dh-param 2048 # tune shared secred to 2048bits
> ssl-default-bind-options
<ge...@riseup.net <mailto:ge...@riseup.net>>;
> haproxy+h...@formilux.org <mailto:haproxy+h...@formilux.org>
> <haproxy@formilux.org <mailto:haproxy@formilux.org>>
> Betreff: Re: Enable SSL Forward Secrecy
>
> Well, that’s quite extensiv
An: Julian Zielke <jzie...@next-level-integration.com>
Cc: Georg Faerber <ge...@riseup.net>; haproxy+h...@formilux.org
<haproxy@formilux.org>
Betreff: Re: Enable SSL Forward Secrecy
Well, that’s quite extensive.
But still, the server at
portal-vonovia.next-level-apps
BC3-SHA
> ECDH-ECDSA-DES-CBC3-SHA
> DES-CBC3-SHA
> PSK-3DES-EDE-CBC-SHA
>
> Von: Julian Zielke [mailto:jzie...@next-level-integration.com
> <mailto:jzie...@next-level-integration.com>]
> Gesendet: Mittwoch, 30. August 2017 12:23
> An: Daniel Schneller <daniel.
ailto:ge...@riseup.net>>;
haproxy+h...@formilux.org<mailto:haproxy+h...@formilux.org>
<haproxy@formilux.org<mailto:haproxy@formilux.org>>
Betreff: Re: Enable SSL Forward Secrecy
Ok, so that’s not it. What about the ciphers output?
--
Daniel Schneller
Principal Cloud
* Julian
Von: Daniel Schneller [mailto:daniel.schnel...@centerdevice.com]
Gesendet: Mittwoch, 30. August 2017 12:21
An: Julian Zielke <jzie...@next-level-integration.com>
Cc: Georg Faerber <ge...@riseup.net>; haproxy+h...@formilux.org
<haproxy@formilux.org>
Betreff: Re: Enable S
n is 1.7.9.
>
> Julian
>
> Von: Daniel Schneller [mailto:daniel.schnel...@centerdevice.com]
> Gesendet: Mittwoch, 30. August 2017 11:58
> An: Julian Zielke <jzie...@next-level-integration.com>
> Cc: Georg Faerber <ge...@riseup.net>; haproxy+h...@formilux.org
&g
.
* Julian
Von: Daniel Schneller [mailto:daniel.schnel...@centerdevice.com]
Gesendet: Mittwoch, 30. August 2017 11:58
An: Julian Zielke <jzie...@next-level-integration.com>
Cc: Georg Faerber <ge...@riseup.net>; haproxy+h...@formilux.org
<haproxy@formilux.org>
Betreff: Re: Enable S
ote:
>
> Hi Georg,
>
> tried this already without effect.
>
> - Julian
>
> -Ursprüngliche Nachricht-
> Von: Georg Faerber [mailto:ge...@riseup.net]
> Gesendet: Mittwoch, 30. August 2017 11:51
> An: haproxy@formilux.org
> Betreff: Re: Enable SSL F
ation.com>
> Cc: haproxy+h...@formilux.org <haproxy@formilux.org>
> Betreff: Re: Enable SSL Forward Secrecy
>
> Hi,
>
> You might want to include a link to your Qualys results to help others see
> what exactly they say.
> At a casual glance the ciphers looks ok, but
Hi Georg,
tried this already without effect.
- Julian
-Ursprüngliche Nachricht-
Von: Georg Faerber [mailto:ge...@riseup.net]
Gesendet: Mittwoch, 30. August 2017 11:51
An: haproxy@formilux.org
Betreff: Re: Enable SSL Forward Secrecy
On 17-08-30 09:33:23, Julian Zielke wrote:
>
On 17-08-30 09:33:23, Julian Zielke wrote:
> Hi,
>
> I'm struggeling with enabling SSL forward secrecy in my haproxy 1.7 setup.
>
> So far the global settings look like:
>
> tune.ssl.default-dh-param 2048 # tune shared secred to 2048bits
>
> ssl-default-bind-options force-tlsv12 no-sslv3
>
An: Julian Zielke <jzie...@next-level-integration.com>
Cc: haproxy+h...@formilux.org <haproxy@formilux.org>
Betreff: Re: Enable SSL Forward Secrecy
Hi,
You might want to include a link to your Qualys results to help others see what
exactly they say.
At a casual glance the ciphers looks ok,
Hi,
You might want to include a link to your Qualys results to help others see what
exactly they say.
At a casual glance the ciphers looks ok, but it would be easier to see the
SSLlabs output.
If you don’t want to share it, I suggest scrolling down and looking at the
results of the per-browser
Hi,
I'm struggeling with enabling SSL forward secrecy in my haproxy 1.7 setup.
So far the global settings look like:
tune.ssl.default-dh-param 2048 # tune shared secred to 2048bits
ssl-default-bind-options force-tlsv12 no-sslv3
ssl-default-bind-ciphers
25 matches
Mail list logo