HAProxy pfsense ssllabs Overall Rating A+

20/06/2024 by - HAProxy, pfsense

pfsense v 2.7.2 – HAProxy 2.9-dev6-f75a369

Settings -> SSL/TLS Compatibility Mode -> Intermediate (disables HIGH ciphers, SHA1, TLS v1.0 and TLS v1.1.)

Frontend -> Advanced ssl options

ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

Frontend -> Advanced certificate specific ssl options

alpn h2,http/1.1 ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

Result

Protocols
TLS 1.3   Yes
TLS 1.2   Yes
TLS 1.1   No
TLS 1.0   No
SSL 3   No
SSL 2   No

TLS 1.3

TLS_AES_128_GCM_SHA256 (0x1301)   ECDH x25519 (eq. 3072 bits RSA)   FS   128
TLS_AES_256_GCM_SHA384 (0x1302)   ECDH x25519 (eq. 3072 bits RSA)   FS   256
TLS_CHACHA20_POLY1305_SHA256 (0x1303)   ECDH x25519 (eq. 3072 bits RSA)   FS   256P

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH x25519 (eq. 3072 bits RSA)   FS   128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH x25519 (eq. 3072 bits RSA)   FS   256
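
One way to check the ciphers string before pasting it into the frontend, as an added example that is not part of the original post: Python's ssl module lets the local OpenSSL expand the string, and the script flags any TLS 1.2 suite without forward secrecy or AEAD and prints the suite code to compare with 0xc02f and 0xc030 in the result above. The function names are illustrative, and it assumes the local OpenSSL expands cipher strings the same way as the OpenSSL that HAProxy is linked against.

```python
import ssl

# Value of the "Advanced certificate specific ssl options" field shown above.
BIND_OPTIONS = (
    "alpn h2,http/1.1 "
    "ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 "
    "ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:"
    "TLS_CHACHA20_POLY1305_SHA256"
)

def parse_bind_options(line):
    """Split 'keyword value keyword value ...' into {keyword: [items]}."""
    tokens = line.split()
    if len(tokens) % 2:
        raise ValueError("expected keyword/value pairs")
    return {key: value.split("," if key == "alpn" else ":")
            for key, value in zip(tokens[::2], tokens[1::2])}

def expand_tls12(cipher_string):
    """Ask the local OpenSSL which TLS <= 1.2 suites the string enables.

    Assumption: HAProxy's OpenSSL expands the string the same way.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # OpenSSL lists its TLS 1.3 suites regardless of this string; skip them.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def weaknesses(cipher):
    """Return the reasons a suite would cost forward secrecy or AEAD."""
    found = []
    if cipher["kea"] not in ("kx-ecdhe", "kx-dhe"):
        found.append("no forward secrecy")
    if not cipher["aead"]:
        found.append("not AEAD")
    return found

def audit(line):
    """Map each enabled TLS 1.2 suite to (suite code, weaknesses)."""
    opts = parse_bind_options(line)
    return {c["name"]: (c["id"] & 0xFFFF, weaknesses(c))
            for c in expand_tls12(":".join(opts["ciphers"]))}

if __name__ == "__main__":
    for name, (code, issues) in audit(BIND_OPTIONS).items():
        print(f"{name} (0x{code:04x}): {', '.join(issues) or 'ok'}")
```

The TLS 1.3 ciphersuites are parsed but not audited, because every TLS 1.3 suite is AEAD with an ephemeral key exchange.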