RE: req_ssl_ver ACL not working

Julien Vehent Thu, 08 Oct 2015 09:15:06 -0700

On 2015-10-08 12:05, Julien Vehent wrote:

        acl tls12 req.payload(9,2) -m bin 0301


Oops... typo while copy/pasting my conf. The right config is below:

frontend https-in
        bind 0.0.0.0:443
        mode tcp
        tcp-request inspect-delay 5s
        tcp-request content accept if { req_ssl_hello_type 1 }

        acl sni_jve req.ssl_sni -i jve.linuxwall.info
        acl tls12 req.payload(9,2) -m bin 0303
        acl sslv3 req_ssl_ver 3.0

        use_backend jve_https if sni_jve tls12
        use_backend jve_https_sha1_ssl3 if sslv3
        # fallback to backward compatible sha1
        default_backend jve_https_sha1


- Julien

RE: req_ssl_ver ACL not working

Reply via email to