Hi,
> When testing this config I get:
>
> [ALERT] 326/202736 (24201) : SSLv3 support requested but unavailable.
> Configuration file is valid
>
> After testing with ssllabs I also noticed tlsv10 and tlsv11 were still
> enabled. Downgrading to haproxy 1.5.14 removes the error when testing
> the config and shows the tls protocols as disabled when using ssllabs.
I don't see whats wrong here.
First of all, even if your ssllib was build without SSL3 support, the behavior
would be different:
- you should only see this with the force-sslv3 keyword, not with no-sslv3
- if you see it, it should be a fatal error, aborting, instead your output
suggests its just a warning (Configuration file is valid)
Are you sure that the executable was cleanly build (first "make clean",
only then "make ...")?
Can you elaborate what kind of OS we are talking about, and where the
openssl lib comes from (is it just a openssl-dev package from the
repository, or a custom build? static or shared?)
Thanks,
Lukas
