Dear all,

I have HAProxy 1.8.27, which has TLS 1.0/1.1/1.2/1.3 support.

I have defined two URLs inside the haproxy.cfg:

www1.example.com
www2.example.com

If I test the TLS support connection using openssl and nmap, I get the
following:

www1.example.com --> TLS 1.2
www2.example.com --> TLS 1.3

Both URLs are configured in the same way in haproxy.cfg; there is no
TLS version forcing.

If I use openssl with a TLS 1.3 test, I get:

>openssl s_client -connect www1.example.com:443 -tls1_3
CONNECTED(00000278)
20430000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert
handshake failure:ssl\record\rec_layer_s3.c:1586:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 268 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

So why does www1.example.com negotiate TLS 1.2 and www2.example.com
negotiate TLS 1.3?

Thanks a lot!!!
