@meineerde
Created June 22, 2020 19:13
HAPROXY: Delay but fulfill a request if it was made with an outdated (but supported) cipher
frontend http
    mode http
    bind :443 ssl crt /etc/haproxy/ssl

    # match clients that negotiated an RC4 cipher (case-insensitive substring match)
    acl outdated_cipher ssl_fc_cipher -i -m sub rc4

    # define a maximum waiting period
    tcp-request inspect-delay 10s
    # accept the connection immediately if the client doesn't use an outdated cipher
    tcp-request content accept unless outdated_cipher
    # accept all other requests only once the inspect-delay has passed
    tcp-request content accept if WAIT_END

    use_backend my-servers

backend my-servers
    # server names (app1, app2) are placeholders; every server line needs one
    server app1 127.0.0.1:8000
    server app2 127.0.0.1:8001
    # ...