btw, what is minimal supported openssl version ? 0.9.7 ? how will that work on it ?
пт, 29 мая 2020 г. в 12:11, William Lallemand <wlallem...@haproxy.com>: > On Wed, May 27, 2020 at 12:40:54PM +0200, William Lallemand wrote: > > Hello List, > > > > Since HAProxy 1.8, the minimum default TLS version for bind lines is > > TLSv10. I was thinking to increase this minimum default to TLSv11 before > > the 2.2 release. But when we discussed the other day about the DH > > param set to 2048 by default, I read that RHEL 8 was also disabling > > TLSv11 by default. TLSv12 now exists for 12 years, it is widely-spread > > nowadays. > > > > So in my opinion we should do the same, and set the minimum version to > > TLSv12 by default on bind lines. It's still configurable with > > min-ssl-ver if you want the support for prior TLS versions. > > > > Does anybody have any objections? > > > > Thanks for the feedbacks, I made the change and pushed it in the master. > > -- > William Lallemand > >
