HAproxy: ACL with weaker SSL-ciphers for one IP possible?
sgw last edited by sgw
At a customer I run a nextcloud instance behind HAproxy, with SSL-offloading.
The ciphers are rather strong/safe and now their ASP-provider told us that "our SSL cert is too new" for their Windows 2008 ASP server to connect (via nextcloud client).
I assume it's not the cert but the strong ciphers.
And I'd like to avoid lowering the security for them only (guys, upgrade!).
Can I have a separate ACL for them in HAproxy with weaker ciphers?
From looking at the dropdown menu in the frontend config I'd say no ... am I right here?