Hello Ryan,
Am 16.03.2017 um 17:02 schrieb Ryan Collier:
We have a legacy application that can only use TLS 1.1 due to the version of Java it supports (1.6). We connect to a third party for credit card authorizations, and they are going to be upgrading their web services endpoint to only accept TLS 1.2 traffic sometime over the Summer. We need to setup a proxy to intercept the TLS 1.1 traffic and bump it up to TLS 1.2 so that we can remain compliant. Can HAProxy do what I just described?
Haproxy can definitely do that. You would just configure the destination server as a backend with TLS termination enabled and configure your frontend as you need (with TLS or even plaintext).
Don't mess around with parameters like force-tlsv... etc, the correct TLS version will be negotiated.
cheers, lukas
