William Lallemand

@kalfeher Obsolete protocols and software are part of a lot of ecosystems. Unfortunately deprecating something doesn't make it disappear, but rest assured, TLSv1.0 and 1.1 are disabled by default. Like we said in the article, that's to "accommodate diverse client requirements while encouraging migration to more secure protocols." Most OpenSSL drop-in replacements still implement TLS1.0, so that's not really an important point. It's not about designing software, switching this on is basically 2 lines of code.
The State of SSL Stacks

The SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.

HAProxy Technologies
@kalfeher Hopefully TLS 1.0 will disappear, but there are still cases where people want to use a modern HAProxy stack in front of proprietary software which only handles TLS 1.0, for example. HAProxy is a Swiss Army knife which handles those kinds of cases, and makes people's lives easy in hostile environments 🙂
@mirabilos We consider that LibreSSL is a really good implementation for small use-cases, but it wasn't performant enough nor complete enough to be considered as a replacement of OpenSSL for most haproxy users. However we will still support this library and will be happy to improve its support within haproxy.
Welcome back to our friends @HAProxy as @netdevconf 0x19 silver sponsor
@HAProxy is the world’s fastest and most widely used software load balancer! Thank you for your continued support! #netdevconf
#HAProxy

Alpine Linux needs your help, a significant sponsorship will end soon.

This post explains what is affected and how you can help:

https://alpinelinux.org/posts/Seeking-Support-After-Equinix-Metal-Sunsets.html

#AlpineLinux

Seeking Support After Equinix Metal Sunsets | Alpine Linux

Alpine Linux

@bug Maybe you should try to write this with C++ templates, you could have more luck.
@tekkie I agree that's not super easy, but it's planned to have it integrated within haproxy. Using acme.sh with this procedure allows you to do it without reloading the haproxy process, but you could do it with anything else like certbot and reloading. Don't hesitate to give me feedback about what you need or expect from this feature!
[ANNOUNCE] haproxy-3.1.0

[ANNOUNCE] haproxy-3.0.0