Hello, a few months ago I started using multiple key type support in HAProxy. It means I have this in haproxy.cfg : bind :443 ssl crt example.pem
And these files: example.pem.rsa example.pem.rsa.ocsp example.pem.rsa.issuer example.pem.ecdsa example.pem.ecdsa.ocsp example.pem.ecdsa.issuer (see https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.1-crt) It is working very well :) I now need to handle specific DH parameters for a customer. Before, I used to add a DH block in pem file and it was working ... But here, the block is simply ignored, despite what is said in config : https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#3.2-tune.ssl.default-dh-param "This value is not used if static Diffie-Hellman parameters are supplied either directly in the certificate file or by using the ssl-dh-param-file parameter" I can confirm this behaviour happens only when certificate are loaded with .rsa / .ecdsa extension : it is working if I rename example.pem.rsa to example.pem I tried to create a file example.pem.rsa.dh or example.pem.rsa.dhparam with no luck (just tried those file names randomly :p). Olivier
