HAProxy SSL cipher list

This is the haproxy cipher list Snapt is most likely going to roll out next:


If you are using haproxy for SSL termination it’s a good idea to manually specify a cipher list to prevent attacks like BEAST, or other protocol weaknesses.

One thought on “HAProxy SSL cipher list

  1. I’m using:

    ssl-default-bind-ciphers AES:ALL:!aNULL:!eNULL:!DES:!RC4:!DHE:!EDH:!MD5:!PSK:!aECDH:@STRENGTH

    This gives an A+ SSL Labs rating for haproxy along with IE6 support with TLS 1.0 enabled.

    Hope this helps

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s