pfsense-haproxy-package-doc
After configuring HAProxy to use ciphers excluding RC4, it still appears
While trying to secure HAProxy to use the most secure ciphers and protocols, I have disabled SSLv3, TLS 1.0 and 1.1 and left only 1.2 enabled. When running a test on ssllabs.com, it shows that HAProxy accepts the RC4 cipher with old protocols only. Thank you
Sounds like you configured options, have you configured ciphers also? https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.0&ocsp=false&guideline=5.4
Hi PiBa, I managed to do it by placing the cipher in the same line as Advanced SSL options. I used the following and now it's showing as expected.
Thank you so much
force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
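The point of the exchange above is that protocol flags and the cipher list are separate settings. As an added example that is not part of the thread, here is a small offline lint for an "Advanced SSL options" string. The names `parse_options`, `audit` and `WEAK_MARKERS` are hypothetical, and the lint assumes a legacy protocol is still on unless the string itself turns it off, since real defaults depend on the HAProxy version and global settings.

```python
# Added example (not from the thread): lint an HAProxy bind SSL option string.
LEGACY = ["SSLv3", "TLSv1.0", "TLSv1.1"]          # protocols that should be off
ORDER = LEGACY + ["TLSv1.2", "TLSv1.3"]
NO_FLAG = {"SSLv3": "no-sslv3", "TLSv1.0": "no-tlsv10", "TLSv1.1": "no-tlsv11"}
WEAK_MARKERS = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXP")  # assumed deny-list

# The option string posted in the thread.
THREAD_OPTIONS = (
    "force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers "
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)

def parse_options(line):
    """Split bind options into bare flags and keywords that take a value."""
    flags, args = set(), {}
    tokens = iter(line.split())
    for tok in tokens:
        if tok in ("ciphers", "ssl-min-ver"):
            args[tok] = next(tokens, "")
        else:
            flags.add(tok)
    return flags, args

def audit(line):
    """Return (kind, detail) findings; an empty list means nothing was flagged."""
    flags, args = parse_options(line)
    findings = []
    forced_modern = bool(flags & {"force-tlsv12", "force-tlsv13"})
    min_ver = args.get("ssl-min-ver")
    floor = ORDER.index(min_ver) if min_ver in ORDER else 0
    for proto in LEGACY:
        off = forced_modern or ORDER.index(proto) < floor or NO_FLAG[proto] in flags
        if not off:
            findings.append(("protocol", proto))
    if "ciphers" not in args:
        # The situation in the original question: protocols restricted,
        # but the cipher list left to whatever default applies.
        findings.append(("ciphers", "unset"))
    else:
        for name in args["ciphers"].split(":"):
            if not name or name[0] in "!-":   # exclusions in OpenSSL cipher syntax
                continue
            if any(marker in name for marker in WEAK_MARKERS):
                findings.append(("cipher", name))
    return findings

if __name__ == "__main__":
    print(audit(THREAD_OPTIONS) or "no findings")
```

A clean result from the lint only describes the configuration text; a scan of the live listener, such as the ssllabs.com test used in the thread, is still what confirms the server's behaviour.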