I've enabled stats on haproxy 1.8.10.

With

	haproxy.conf
		...
		listen stats
			...
			bind 192.0.2.1:1234
			...

the non-ssl stats web page is fully accessible/functional.

If I enable ssl for it, 1st concatenating my crt & key

	cat haproxy.crt.pem haproxy.key.pem > haproxy.CONCAT.crt.pem

Checking the cert, with my CA cert

	openssl verify \
	 -CAfile /usr/local/etc/haproxy/ssl/myCA.CHAIN.crt.pem \
	 /usr/local/etc/haproxy/ssl/haproxy.CONCAT.pem

		haproxy.CONCAT.crt.pem: OK

Verifying cipher support

	openssl ciphers -tls1_2
		...:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:...

then configuring

	haproxy.conf
		global
			...
+			ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
+			ssl-default-bind-options force-tlsv12
			...
		listen stats
			...
-			bind 192.0.2.1:1234
+			bind 192.0.2.1:1234 ssl crt /usr/local/etc/haproxy/ssl/haproxy.CONCAT.crt.pem ca-file /usr/local/etc/haproxy/ssl/myCA.CHAIN.crt.pem
			...

secure access to the stats page fails,

	Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

I regularly use my generated certs/keys with CHACHA20 ciphers elsewhere, so they're not _inherently_ the issue.

If not a simple config issue on my end, I suspect it's possible this is (?) related to the 'mystery' OpenSSL lib linking issue I'm having, @

	https://www.mail-archive.com/haproxy@formilux.org/msg30448.html
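An added example, not part of the original post and not HAProxy code: it reads the `ssl-default-bind-ciphers` line from the post and asks an OpenSSL library what it knows about each suite, including the key-exchange and authentication type. The config text is a constructed sample, the function names are hypothetical, and the probe covers only the OpenSSL linked into the Python interpreter, just as `openssl ciphers` covers only the CLI's library and not the one haproxy was linked against.

```python
import ssl

# Constructed sample: the global-section lines quoted in the post.
SAMPLE_CONF = """\
global
    ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    ssl-default-bind-options force-tlsv12
"""


def bind_ciphers(conf_text):
    """Return the suite names from the ssl-default-bind-ciphers line."""
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "ssl-default-bind-ciphers":
            return parts[1].split(":")
    return []


def probe(name):
    """Describe one suite as the local OpenSSL sees it, or None if unknown."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(name)
    except ssl.SSLError:  # raised when the string selects no cipher
        return None
    # TLS 1.3 suites are always listed, so match on the exact name.
    for c in ctx.get_ciphers():
        if c["name"] == name:
            return {"protocol": c["protocol"], "kea": c["kea"], "auth": c["auth"]}
    return None


def report(conf_text):
    """Map each configured suite name to its probe result."""
    return {name: probe(name) for name in bind_ciphers(conf_text)}


if __name__ == "__main__":
    print("library:", ssl.OPENSSL_VERSION)
    for name, info in report(SAMPLE_CONF).items():
        if info is None:
            print(f"{name}: not available in this library")
        else:
            print(f"{name}: {info['protocol']} {info['kea']} {info['auth']}")
```

The `auth` field shows which certificate key type a suite requires: `auth-ecdsa` suites need an ECDSA key in the file given to `crt`, and `auth-rsa` suites need an RSA key.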