ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128

1. ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
2.  
3. ssl-default-bind-options no-sslv3
4.  
5. tune.ssl.default-dh-param 2048 # dfd -- warning message
6.  
7. defaults
8.  
9. log global
10.  
11. mode http
12.  
13. option httplog
14.  
15. option dontlognull
16.  
17. option forwardfor
18.  
19. option redispatch
20.  
21. retries 3
22.  
23. timeout connect 5000
24.  
25. timeout client 15m
26.  
27. timeout server 15m
28.  
29. timeout http-request 10s
30.  
31. timeout queue 1m
32.  
33. timeout http-keep-alive 10s
34.  
35. timeout check 10s
36.  
37. errorfile 400 /etc/haproxy/errors/400.http
38.  
39. errorfile 403 /etc/haproxy/errors/403.http
40.  
41. errorfile 408 /etc/haproxy/errors/408.http
42.  
43. errorfile 500 /etc/haproxy/errors/500.http
44.  
45. errorfile 502 /etc/haproxy/errors/502.http
46.  
47. errorfile 503 /etc/haproxy/errors/503.http
48.  
49. errorfile 504 /etc/haproxy/errors/504.http
50.  
51. listen stats
52.  
53. bind 10.1.252.4:7000
54.  
55. #mode http
56.  
57. stats enable
58.  
59. stats uri /
60.  
61. option httpclose
62.  
63. stats auth Username:Password
64.  
65.  
66. frontend inet
67.  
68. bind *:444 ssl crt /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem
69.  
70. #mode tcp
71.  
72. mode http # dfd
73.  
74. default_backend inetservers444
75.  
76.  
77. backend inetservers444
78.  
79. mode http
80.  
81. balance roundrobin
82.  
83. option httpchk GET /dfd/default.aspx
84.  
85. option log-health-checks
86.  
87. http-check expect status 200 OK
88.  
89. # server theserver xxxxxx.xxxxxxx.xxx.com:443 check check-ssl inter 15s verify required ca-file/etc/haproxy/cert02Root.pem
90.  
91. server theserver xxxxxx.xxxxxxx.xxx.com:80 check