pfSense warning message use only ssl-min-ver after upgrade

We use pfSense as a firewall and load balancer for our customers; it's a great open source product. pfSense is a comprehensive network security solution for businesses of all sizes. It brings together the most advanced technology available to protect your network while using open source software.

Ignore no-sslv3/no-tlsv1x warning

Recently one of our customers upgraded their firewall and started getting a warning message.

[WARNING] 267/093714 (39113) : Proxy 'Prod_Web_SSL': no-sslv3/no-tlsv1x are ignored for bind '' at [/var/etc/haproxy/haproxy.cfg:92]. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.

This issue occurs because the configuration changed when upgrading HAProxy from 1.6 to 1.8.

In each SSL-enabled frontend we had

Advanced ssl options filled in with "no-sslv3 no-tlsv10 force-tlsv12"

How we resolved

We resolved the issue by first removing those entries from Advanced ssl options.

We then created a global entry to eliminate older SSL versions.

Now select Settings, then Custom options.

We added a line ssl-default-bind-options ssl-min-ver TLSv1.2

This is what our whole configuration looks like right now:

ssl-default-bind-options ssl-min-ver TLSv1.2
tune.ssl.default-dh-param 2048
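
An added example, not part of the original post: a small Python check that scans a haproxy.cfg for the legacy per-bind options described above and reports the global ssl-min-ver value, so you can confirm every frontend was cleaned up after the upgrade. The two sample configurations, the bind address and the certificate path are constructed for illustration; only the frontend name and the option names come from the post.

```python
import re

# Section keywords that start a new block in haproxy.cfg.
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}
# Legacy protocol switches: the three from the post plus their siblings.
LEGACY = re.compile(r"^(no-sslv3|no-tlsv1\d|force-sslv3|force-tlsv1\d)$")

def audit(cfg_text):
    """Return (findings, global_min_ver) for a haproxy.cfg given as text.

    findings is a list of (line_number, section, legacy_tokens).
    """
    section, findings, global_min_ver = None, [], None
    for lineno, raw in enumerate(cfg_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()  # drop comments
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            section = " ".join(tokens[:2])
            continue
        if tokens[0] not in ("bind", "ssl-default-bind-options"):
            continue
        legacy = [t for t in tokens[1:] if LEGACY.match(t)]
        if legacy:
            findings.append((lineno, section, legacy))
        if section == "global" and "ssl-min-ver" in tokens[:-1]:
            global_min_ver = tokens[tokens.index("ssl-min-ver") + 1]
    return findings, global_min_ver

# Constructed samples: address and certificate path are placeholders.
BEFORE = """\
global
    tune.ssl.default-dh-param 2048

frontend Prod_Web_SSL
    bind 192.0.2.10:443 ssl crt /path/to/cert.pem no-sslv3 no-tlsv10 force-tlsv12
"""
AFTER = """\
global
    ssl-default-bind-options ssl-min-ver TLSv1.2
    tune.ssl.default-dh-param 2048

frontend Prod_Web_SSL
    bind 192.0.2.10:443 ssl crt /path/to/cert.pem
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg))
```

An empty findings list together with a global minimum of TLSv1.2 matches the end state described in this post.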

Hope that helps you resolve the same issue our customer had.