Hide Forgot
RHEL6 currently has haproxy version 1.5.4. Newer upstream versions contain multiple bug fixes, as well as newer configuration options that recommended by Mozilla [1]. In particular, ssl-default-bind-options and ssl-default-server-options were added in 1.5.7. RHEL7 recently rebased haproxy to 1.5.14 [2]. The latest upstream version is currently 1.5.16 [3]. Please rebase haproxy to a newer version. Aligning with RHEL7's version seems appropriate, but anything newer that 1.5.7 would be a significant improvement. [1]: https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy-1.5.14&openssl=1.0.1e&hsts=yes&profile=intermediate [2]: https://bugzilla.redhat.com/show_bug.cgi?id=1212193 [3]: http://www.haproxy.org/download/1.5/src/
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0721.html