HAproxy: ACL with weaker SSL-ciphers for one IP possible?

  • At a customer I run a nextcloud instance behind HAproxy, with SSL-offloading.
    The ciphers are rather strong/safe and now their ASP-provider told us that "our SSL cert is too new" for their Windows 2008 ASP server to connect (via nextcloud client).

    I assume it's not the cert but the strong ciphers.
    And I'd like to avoid lowering the security for them only (guys, upgrade!).

    Can I have a separate ACL for them in HAproxy with weaker ciphers?
    From looking at the dropdown menu in the frontend config I'd say no ... am I right here?

Log in to reply