> De: "Julian Zielke" <[email protected]> > À: "Cyril Bonté" <[email protected]> > Cc: [email protected] > Envoyé: Mercredi 30 Août 2017 15:11:47 > Objet: AW: Enable SSL Forward Secrecy > > Hi Cyril, > > tired it without success. Maybe HaProxy isn't just capable of doing > this.
Oh well, indeed the "!kECDHE" excludes the ciphers from the list. You should retry without it (with or without RFC names in the ciphers list) > > ssl-default-bind-ciphers > > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: > > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:AES256+EECDH:AES256+EDH:TLSv1+HIGH > > :!aNULL:!eNULL:!3DES:!RC4:!CAMELLIA:!DH:!kECDHE:@STRENGTH:!DHE Cyril Bonté
