haproxy ssl相关配置

ssl-default-bind-options [<option>]...
This setting is only available when support for OpenSSL was built in. It sets
default ssl-options to force on all "bind" lines. Please check the "bind"
keyword to see available options.

Example:
global
ssl-default-bind-options no-sslv3 no-tls-tickets

ssl-default-bind-options

这个设置是只可用的当支持OpenSSL ,它设置  default ssl-options  为force 在所有的bind 项,

请检查 bind 关键字 来查看可用的选项:
Example:
global
ssl-default-bind-options no-sslv3 no-tls-tickets

force-sslv3
This option enforces use of SSLv3 only on SSL connections instantiated from
this listener. SSLv3 is generally less expensive than the TLS counterparts
for high connection rates. This option is also available on global statement
"ssl-default-bind-options". See also "no-tlsv*" and "no-sslv3".

force-tlsv10
This option enforces use of TLSv1.0 only on SSL connections instantiated from
this listener. This option is also available on global statement
"ssl-default-bind-options". See also "no-tlsv*" and "no-sslv3".

force-tlsv11
This option enforces use of TLSv1.1 only on SSL connections instantiated from
this listener. This option is also available on global statement
"ssl-default-bind-options". See also "no-tlsv*", and "no-sslv3".

force-tlsv12
This option enforces use of TLSv1.2 only on SSL connections instantiated from
this listener. This option is also available on global statement
"ssl-default-bind-options". See also "no-tlsv*", and "no-sslv3".

no-sslv3
This option disables support for SSLv3 when SSL is used to communicate with
the server. Note that SSLv2 is disabled in the code and cannot be enabled
using any configuration option. See also "force-sslv3", "force-tlsv*".

Supported in default-server: No

no-sslv3

这个选项 关闭支持SSLV3 当SSL是用于和server通讯,

注意SSLv2 是在代码里关闭,不能使用任何配置选项来启用