HAProxy dont Support sslv2 Confirmation

Hello
HAProxy does not support native sslv2 enabled. Could you confirm? Is there a documentation link for reference?

Att
[o]
Jean Martinelli
Consultoria

+55 (47) 99948-6156 | +55 (47) 3035-3777
jean.martinelli@teiko.com.br<mailto:[email protected]>
http://www.teiko.com.br/

Hello Jean

From what I read SSLv2 is unused and SSLv3 can be enabled with a warning as
shown below

force-sslv3 :

Enforces the use of SSL protocol version SSLv3.

Note

Not recommended on Internet because of the poodle vulnerability:
https://poodle.io/


​SSLv2 has not been used on the internet in quite a while now and as per
the warning SSLv3 is unused by default but can be turned on.


https://www.haproxy.com/documentation/aloha/7-0/haproxy/tls/


Andruw Smalley

Loadbalancer.org Ltd.

www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
asmalley@loadbalancer.org

Leave a Review | Deployment Guides | Blog


On 6 November 2017 at 11:25, Jean Martinelli <[email protected]>
wrote:
>
> Hello
>
> HAProxy does not support native sslv2 enabled. Could you confirm? Is
there a documentation link for reference?
>
>
>
> Att
>
> Jean Martinelli
> Consultoria
>
>
>
> +55 (47) 99948-6156 | +55 (47) 3035-3777
> jean.martinelli@teiko.com.br
>
> http://www.teiko.com.br/

Hello Jean,


2017-11-06 12:25 GMT+01:00 Jean Martinelli <[email protected]>:
> Hello
>
> HAProxy does not support native sslv2 enabled. Could you confirm? Is there a
> documentation link for reference?

It's documented in the no-sslv3 parameters [1]:

> Note that SSLv2 is disabled in the code and cannot be enabled using any
> configuration option.


As Andrew mentioned, SSLv2 is completely outdated and insecure.
Current releases of OpenSSL even built without support for SSLv3 and
SSLv2 by default.


Regards,
Lukas

[1] http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-no-sslv3