pfsense 2.7.2 HAProxy 2.8.3 is not allowing TLSv1.0, 1.1
-
after upgrading my pfsense from 2.7.0 to 2.7.2 my web application is stopped working due to TLSv1.0 and 1.1 is not supporting/allowing.
i have tried below settings but still not working
- SSL/TLS Compatibility Mode has been set to Old in global settings
- added to use tlsv1.0 and 1.1 forcefully in the Frontend setting, it allows 1.2 but not 1.0 and 1.1.
-
@anandpeculiar
not unsing HAProxy, but found this because an other SSL issue:
https://github.com/openssl/openssl/issues/17476#issuecomment-1010812582 -
@slu , Thanks for pointing the useful information, i ended up by binding :@SECLEVEL=0 at the end of the Advanced SSL option for each frontend where i need to allow the Older TLS version
-
Hi,
i have the same issue but putting :@SECLEVEL=0 to ssl-default-bind-ciphers just gives me an error:
section 'frontend' : 'crt-list' : parsing [/var/etc/haproxy_test/imap_test-994.crt_list:1]: unknown ssl keyword :@SECLEVEL=0
is there anything i can do?
regards