From 700cd9d683398fa9e645aac8af1d1bff82f103a0 Mon Sep 17 00:00:00 2001
From: Maria Haider <mariah@nordu.net>
Date: Wed, 9 Mar 2022 09:41:08 +0100
Subject: [PATCH] Changed allowed ciphers in haproxy config

---
 .../overlay/opt/frontend/config/common/haproxy_base.j2        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fe-test-common/overlay/opt/frontend/config/common/haproxy_base.j2 b/fe-test-common/overlay/opt/frontend/config/common/haproxy_base.j2
index 521ded45..57b6c808 100644
--- a/fe-test-common/overlay/opt/frontend/config/common/haproxy_base.j2
+++ b/fe-test-common/overlay/opt/frontend/config/common/haproxy_base.j2
@@ -18,8 +18,8 @@ global
     ca-base /etc/ssl/certs
     crt-base /etc/ssl/private
 
-    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
-    ssl-default-bind-options no-sslv3
+    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS
+    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
     tune.ssl.default-dh-param 2048
 
     spread-checks 20