On Thu, 9 Jun 2022 at 08:42, <spfma.t...@e.mail.fr> wrote: > > Hi, > > I need to enable TLS V1.0 because of some legacy clients which have just been > "discovered" and won't be updated.
Configure "ssl-default-bind-ciphers" as per: https://ssl-config.mozilla.org/#server=haproxy&version=2.3&config=old&openssl=1.1.1k&guideline=5.6 If you don't allow TLSv1.0 ciphers, TLSv1.0 can't be used. Also it's possible OpenSSL is so new it needs additional convincing. Share the full output of haproxy -vv, including the OpenSSL release please. > Can someone tell me what I am missing ? I have found a few messages > about adding other cipher suites, .... but nothing lead to an improvement. You will have to share more data. Full output of haproxy -vv, full ssl configuration. Can't really troubleshoot without configurations and exact software releases (openssl). Lukas
