From e67a8847845d17242df55549f7eedb131a71930f Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Fri, 10 Jan 2025 16:55:31 -0500
Subject: [PATCH] haproxy: ssl-default-server-curves added in 2.9.0

x-ref:
  "HAProxy config uses ssl-default-server-curves for versions that do not support it"
  https://github.com/mozilla/ssl-config-generator/issues/311

github: fixes #311
---
 src/js/helpers/haproxy.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/js/helpers/haproxy.js b/src/js/helpers/haproxy.js
index 98203e11..79a9e860 100644
--- a/src/js/helpers/haproxy.js
+++ b/src/js/helpers/haproxy.js
@@ -8,7 +8,10 @@ export default (form, output) => {
 
  function haproxy_ssl_default_opts (tag) {
    var conf =
-      '    ssl-default-'+tag+'-curves '+output.tlsCurves.join(':')+'\n'+
+      (minver("2.9.0", form.serverVersion) || tag === 'bind'
+        ?
+      '    ssl-default-'+tag+'-curves '+output.tlsCurves.join(':')+'\n'
+        : '')+
       (output.ciphers.length
         ?
       '    ssl-default-'+tag+'-ciphers '+output.ciphers.join(':')+'\n'