ssl-min-ver directive in Haproxy shared frontends



  • I got a quite strange thing in HAProxy.
    Defining ssl-min-ver as a default bind or default server option (in global, Global Advanced pass thru) works fine. It also seems to work in a frontend, in Bind pass thru under advanced settings.

    However, I’d like to use it in shared frontends, under Advanced certificate specific ssl options, so the different frontends can have different TLS settings. It’s even in the NOTE below that It should be possible to use it over there. But if I put it over there I got a warning: crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).

    If it really is the used OpenSSL version, I don’t understand why it is only not accepted there and is accepted and works on other mentioned fields.

    The Openssl version is something that’s global, right?


Log in to reply