Haproxy TLS configuration

Question

I need to create haproxy with tls , although its working successfully with ssl certificate , i have done below configuration

global log 127.0.0.1 local0 debug ssl-default-bind-options no-sslv3 2048

Its giving below error , please suggest where should i change

[ALERT] 330/075452 (70779) : parsing [/etc/haproxy/haproxy.cfg:8] : unknown keyword 'ssl-default-bind-options' in 'global' section [ALERT] 330/075452 (70779) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg [WARNING] 330/075452 (70779) : Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear. [ALERT] 330/075452 (70779) : Fatal errors found in configuration.

ssl-default-bind-options seems to have been implemented in 1.5.7, so no wonder it doesn't work with 1.5.4. It should work with 1.6.9 though. — Gerald Schneider
– Gerald Schneider, Commented Nov 27, 2018 at 7:44
hm ... seems I misread that news entry. It doesn't say that the option was implemented with that version. Sorry about that. — Gerald Schneider
– Gerald Schneider, Commented Nov 27, 2018 at 7:53

Tommiie · Accepted Answer · 2018-11-27 12:19:46Z

Try:

global log 127.0.0.1 local0 debug ssl-default-bind-options no-sslv3 tune.ssl.default-dh-param 2048

xinxiaoyu · Accepted Answer · 2020-08-10 10:50:22Z

Same question. But I do this.

[root@ops ~]# haproxy -vv | grep OpenSSL Built without OpenSSL support (USE_OPENSSL not set)

So, need remake haproxy and reinstall it.

tar -zxvf haproxy***.tar.gz yum install openssl openssl-devel pcre pcre-devel gcc -y make USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 make install

then

haproxy check

Stack Exchange Network

Haproxy TLS configuration

2 Answers 2

You must log in to answer this question.

Hot Network Questions

Haproxy TLS configuration

2 Answers 2

You must log in to answer this question.

Related

Hot Network Questions