[haproxy] default haproxy.cfg don't have secure SSL/TLS options!
Dear Maintainer,
The haproxy.cfg
default configuration file shipped with the package is
not safe. No SSL/TLS directives are setted and this can causes serious
security issues like RC4 cipher enabled.
You should ship a haproxy.cfg
with safe SSL/TLS directive. Like Debian
for example:
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
(from redmine: issue id 7945, created on 2017-09-28)