Jean Martinelli
HAProxy dont Support sslv2 Confirmation
November 06, 2017 12:30PM
Hello
HAProxy does not support native sslv2 enabled. Could you confirm? Is there a documentation link for reference?

Att
[o]
Jean Martinelli
Consultoria

+55 (47) 99948-6156 | +55 (47) 3035-3777
jean.martinelli@teiko.com.br<mailto:[email protected]>
http://www.teiko.com.br/
Attachments:
open | download - image001.jpg (18.9 KB)
Andrew Smalley
Re: HAProxy dont Support sslv2 Confirmation
November 06, 2017 12:40PM
Hello Jean

From what I read SSLv2 is unused and SSLv3 can be enabled with a warning as
shown below

force-sslv3 :

Enforces the use of SSL protocol version SSLv3.

Note

Not recommended on Internet because of the poodle vulnerability:
https://poodle.io/


​SSLv2 has not been used on the internet in quite a while now and as per
the warning SSLv3 is unused by default but can be turned on.


https://www.haproxy.com/documentation/aloha/7-0/haproxy/tls/


Andruw Smalley

Loadbalancer.org Ltd.

www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
asmalley@loadbalancer.org

Leave a Review | Deployment Guides | Blog


On 6 November 2017 at 11:25, Jean Martinelli <[email protected]>
wrote:
>
> Hello
>
> HAProxy does not support native sslv2 enabled. Could you confirm? Is
there a documentation link for reference?
>
>
>
> Att
>
> Jean Martinelli
> Consultoria
>
>
>
> +55 (47) 99948-6156 | +55 (47) 3035-3777
> jean.martinelli@teiko.com.br
>
> http://www.teiko.com.br/
Lukas Tribus
Re: HAProxy dont Support sslv2 Confirmation
November 06, 2017 06:30PM
Hello Jean,


2017-11-06 12:25 GMT+01:00 Jean Martinelli <[email protected]>:
> Hello
>
> HAProxy does not support native sslv2 enabled. Could you confirm? Is there a
> documentation link for reference?

It's documented in the no-sslv3 parameters [1]:

> Note that SSLv2 is disabled in the code and cannot be enabled using any
> configuration option.


As Andrew mentioned, SSLv2 is completely outdated and insecure.
Current releases of OpenSSL even built without support for SSLv3 and
SSLv2 by default.


Regards,
Lukas

[1] http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-no-sslv3
Sorry, only registered users may post in this forum.

Click here to login