HAProxy ALOHA Documentation 12.5

Advanced TLS Options

The table below lists other arguments that you can add to a bind line when configuring TLS offloading.

Argument	Description
`ciphers`	Sets the list of TLS encryption ciphers to use, separated by colons, in order of preference. Fallback algorithms go at the end of the list. HAProxy ALOHA will choose the first cipher that the client also supports. Use this argument only for SSL and TLS versions up to TLS version 1.2. For TLS version 1.3 and newer, use `ciphersuites`. Sets the list of preferred ciphers. `frontend ft_myapp mode http bind :443 ssl crt default ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256...`
`ciphersuites`	Sets the list of TLS encryption ciphers to use, separated by colons, in order of preference. Fallback algorithms go at the end of the list. HAProxy ALOHA will choose the first cipher that the client also supports. Use this argument for TLS version 1.3 and newer. For older versions of SSL and TLS, use `ciphers` instead. Sets the list of preferred ciphers. `frontend ft_myapp mode http bind :443 ssl crt default ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384...`
`ssl-max-ver`	Sets the maximum version of SSL or TLS to use. Client will not be able to use versions newer than that. Values: SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 Enforce TLS version 1.2 as the newest accepted version. `frontend ft_myapp mode http bind :443 ssl crt default ssl-max-ver TLSv1.2`
`ssl-min-ver`	Sets the minimum version of SSL or TLS to use. Clients will not be able to use versions older than that. Values: SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 Enforce TLS version 1.2 as the oldest accepted version. `frontend ft_myapp mode http bind :443 ssl crt default ssl-min-ver TLSv1.2`

Next up