Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ssl-min-ver directive in Haproxy shared frontends

    Cache/Proxy
    1
    1
    549
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wickeren
      last edited by wickeren

      I got a quite strange thing in HAProxy.
      Defining ssl-min-ver as a default bind or default server option (in global, Global Advanced pass thru) works fine. It also seems to work in a frontend, in Bind pass thru under advanced settings.

      However, I’d like to use it in shared frontends, under Advanced certificate specific ssl options, so the different frontends can have different TLS settings. It’s even in the NOTE below that It should be possible to use it over there. But if I put it over there I got a warning: crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).

      If it really is the used OpenSSL version, I don’t understand why it is only not accepted there and is accepted and works on other mentioned fields.

      The Openssl version is something that’s global, right?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.