Force haproxy to TLSv1.2 or above

openBalena
1

We host open-balena on a virtual machine of our company. The department, that manage this machines informs us, that our machine allow ssl connections with TLSv1 and TLSv1.1 and that not allowed. I know, that I can change the behavior of haproxy, if I add these line to the global part of the haproxy.cfg.

global
  tune.ssl.default-dh-param 1024
  ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

But this file belongs not to the config part of open-balena and I have to stash that every time I make a update. Exist another way, to modify the config of haproxy?

2

You can change the haproxy configuration according to this documentation:[https://www.haproxy.com/documentation/hapee/1-8r1/onepage/#8] (https://www.haproxy.com/documentation/hapee/1-8r1/onepage/#8)
You should change the configuration in this file src/haproxy/haproxy.cfg and rebuild the service, but keep in mind, that this file might conflict when you update to a new open balena version, so you might have to redo these changes.