Commit

Haproxy: Minimise the cipher list that is exposed. Logging still shows TLSv1.2, so we still support it for a while
quartje committed Jul 4, 2024
1 parent 957b3ac commit 6622e3d
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions roles/haproxy/templates/haproxy_global.cfg.j2
Expand Up @@ -12,9 +12,9 @@ global
ulimit-n 9000
daemon
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-bind-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128
ssl-default-server-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-server-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128
{% if haproxy_metricbeat %}
stats socket 127.0.0.1:14567
{% endif %}
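
Review bot: The new `ssl-default-bind-ciphers` and `ssl-default-server-ciphers` values drop the `:!aNULL:!MD5:!DSS` exclusions together with the DH and RSA entries. In OpenSSL cipher-string syntax the `ECDH` keyword also matches anonymous ECDH suites, so `ECDH+AES256` and `ECDH+AES128` without `!aNULL` leave that exclusion to the defaults of the OpenSSL build HAProxy is linked against. Consider keeping `:!aNULL` at the end of both lists, or writing `ECDHE` (alias `EECDH`), which matches only authenticated suites. `ECDH+AES256:ECDH+AES128` also still admits the CBC-mode ECDHE suites; if the TLSv1.2 clients seen in the logs all negotiate GCM, `ECDH+AESGCM` alone would be a smaller list. The expanded set can be checked on the target host with `openssl ciphers -v` and the final string.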