Public bug reported:

Ubuntu 20.04.2 LTS
haproxy installed:  2.0.13-2ubuntu0.1

haproxy -vv :
Built with OpenSSL version : OpenSSL 1.1.1f  31 Mar 2020
Running on OpenSSL version : OpenSSL 1.1.1f  31 Mar 2020
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3

In the haproxy config, ssl-min-ver TLSv1.0/TLSv1.1 is not usable on
frontends. Only TLS1.2 connections will succeed. Older versions (TLSv1 /
TLSv1.1) of TLS cannot be used.

tests from client:
#openssl s_client -connect server:443 -tls1 - fails with
CONNECTED(00000005)
140607678620096:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1528:SSL alert number 70

with 1_2 the SSL handshake succeeds:
#openssl s_client -connect server:443 -tls1_2

bugs with this version http://www.haproxy.org/bugs/bugs-2.0.13.html

possible solution:
update to min. 2.0.15
http://git.haproxy.org/?p=haproxy-2.0.git;a=commitdiff;h=6dbb9a1

** Affects: haproxy (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: haproxy tlsv1 tlsv11

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1919450

Title:
  ssl-min-ver < TLS1.2 not usable

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1919450/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
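
The client-side test from the report, extended to every protocol flag, as an added example that is not part of the original bug report or of haproxy. The function names are hypothetical, and the "no protocols available" case assumes the local OpenSSL policy, not the server, refused the version.

```shell
#!/bin/sh
# Added example: audit which TLS versions a frontend accepts, using the
# same `openssl s_client` test as the report. Helper names are hypothetical.

# classify_s_client OUTPUT -> one-word verdict for a single attempt.
classify_s_client() {
    case "$1" in
        *"alert protocol version"*) echo rejected ;;         # peer sent alert 70
        *"no protocols available"*) echo client-disabled ;;  # local OpenSSL policy
        *"Cipher is (NONE)"*)       echo failed ;;           # no handshake, other cause
        *"Cipher is "*)             echo accepted ;;         # a cipher was negotiated
        *)                          echo unknown ;;
    esac
}

# probe_frontend HOST PORT -> one "flag verdict" line per protocol version.
probe_frontend() {
    for flag in -tls1 -tls1_1 -tls1_2 -tls1_3; do
        out=$(openssl s_client -connect "$1:$2" "$flag" </dev/null 2>&1)
        printf '%-8s %s\n' "$flag" "$(classify_s_client "$out")"
    done
}

# Constructed samples: the failure text is the one quoted in the report,
# the success line is the usual s_client summary of a completed handshake.
SAMPLE_FAIL='CONNECTED(00000005)
140607678620096:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1528:SSL alert number 70'
SAMPLE_OK='CONNECTED(00000005)
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'

# Probe a real frontend only when HOST and PORT are given: ./probe.sh server 443
if [ "$#" -eq 2 ]; then
    probe_frontend "$1" "$2"
fi
```

A "client-disabled" verdict means the probe never reached the server for that version, so it says nothing about the frontend's ssl-min-ver setting.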
