global log 127.0.0.1 local3 maxconn 65535 chroot /usr/local/haproxy uid 500 gid 500 daemon ssl-default-bind-options no-sslv3 force-sslv3 This option enforces use of SSLv3 only on SSL connections instantiated from this listener. SSLv3 is generally less expensive than the TLS counterparts for high connection rates. This option is also available on global statement "ssl-default-bind-options". See also "no-tlsv*" and "no-sslv3". force-tlsv10 This option enforces use of TLSv1.0 only on SSL connections instantiated from this listener. This option is also available on global statement "ssl-default-bind-options". See also "no-tlsv*" and "no-sslv3". force-tlsv11 This option enforces use of TLSv1.1 only on SSL connections instantiated from this listener. This option is also available on global statement "ssl-default-bind-options". See also "no-tlsv*", and "no-sslv3". force-tlsv12 This option enforces use of TLSv1.2 only on SSL connections instantiated from this listener. This option is also available on global statement "ssl-default-bind-options". See also "no-tlsv*", and "no-sslv3". haproxy 关闭ssl 3.0 加密