Hi, I need to enable TLS V1.0 because of some legacy clients which have just been "discovered" and won't be updated. As far as I can see, my executable has been compiled with the right support : HA-Proxy version 2.3.20-1ppa1~focal 2022/04/29 - https://haproxy.org/ OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 So I tried something like "ssl-default-bind-options ssl-min-ver TLSv1.0 no-sslv3" in the global section, but I am never offered the version I need : curl -v --tlsv1.0 --tls-max 1.1 https://my.site.my.domain/ * Trying xxx.xxx.xxx.xxx:443... * Connected to my.site.my.domain (xxx.xxx.xxx.xxx) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.2 (OUT), TLS header, Unknown (21): * TLSv1.3 (OUT), TLS alert, protocol version (582): * error:0A0000BF:SSL routines::no protocols available * Closing connection 0 curl: (35) error:0A0000BF:SSL routines::no protocols available Can someone tell me what I am missing ? I have found a few messages about adding other cipher suites, .... but nothing lead to an improvement. Regards ------------------------------------------------------------------------------------------------- FreeMail powered by mail.fr
------------------------------------------------------------------------------------------------- FreeMail powered by mail.fr
