TLSv1 Issues and Cipher Suggestion for site that perform transaction please

Networking & Firewalls
1

Hello All,

Been digging for multiple days but not sure what I am doing wrong when adding the cipher to HAProxy FrontEnd under Advance SSL Options in PFSense.
Advance SSL Options.png

What got me going on this is resolving the following issue in the Protocol from whynopadlock.com
TLSv1 Issues.JPG

I suspect my default is TLSv1 so I went to the following site to grab the following cipher (not sure if it is the best):
ssl-config.mozilla.org

ssl-min-ver TLSv1.2, ssl-max-ver TLSv1.2

ECDHE+ECDSA+AES128+GCM+SHA256:ECDHE+RSA+AES128+GCM+SHA256:ECDHE+ECDSA+AES256+GCM+SHA384:ECDHE+RSA+AES256+GCM+SHA384:ECDHE+ECDSA+CHACHA20+POLY1305:ECDHE+RSA+CHACHA20+POLY1305:DHE+RSA+AES128+GCM+SHA256:DHE+RSA+AES256+GCM+SHA384:DHE+RSA+CHACHA20+POLY1305

I really don’t know how to format it and input this. When I add the above I get the following error (I do have a IP and PORT just removed it as I don’t want to post that lol.):

Errors found while starting haproxy
[ALERT] 142/235237 (75838) : parsing [/var/etc/haproxy_test/haproxy.cfg:29] : 'bind XXX.XXX.XXX.XXX:PORT' unknown keyword 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305'. Registered keywords :
[ SSL] allow-0rtt
[ SSL] alpn <arg>
[ SSL] ca-file <arg>
[ SSL] ca-ignore-err <arg>
[ SSL] ca-sign-file <arg>
[ SSL] ca-sign-pass <arg>
[ SSL] ciphers <arg>
[ SSL] ciphersuites <arg>
[ SSL] crl-file <arg>
[ SSL] crt <arg>
[ SSL] crt-ignore-err <arg>
[ SSL] crt-list <arg>
[ SSL] curves <arg>
[ SSL] ecdhe <arg>
[ SSL] force-sslv3
[ SSL] force-tlsv10
[ SSL] force-tlsv11
[ SSL] force-tlsv12
[ SSL] force-tlsv13
[ SSL] generate-certificates
[ SSL] no-ca-names
[ SSL] no-sslv3
[ SSL] no-tlsv10
[ SSL] no-tlsv11
[ SSL] no-tlsv12
[ SSL] no-tlsv13
[ SSL] no-tls-tickets
[ SSL] ssl
[ SSL] ssl-min-ver <arg>
[ SSL] ssl-max-ver <arg>
[ SSL] strict-sni
[ SSL] tls-ticket-keys <arg>
[ SSL] verify <arg>
[ SSL] npn <arg>
[ SSL] prefer-client-ciphers
[STAT] level <arg>
[STAT] expose-fd <arg>
[STAT] severity-output <arg>
[ TCP] mss <arg>
[ TCP] tfo
[ TCP] transparent
[ TCP] v4v6
[ TCP] v6only
[ TCP] defer-accept (not supported)
[ TCP] interface <arg> (not supported)
[ ALL] accept-netscaler-cip <arg>
[ ALL] accept-proxy
[ ALL] backlog <arg>
[ ALL] id <arg>
[ ALL] maxconn <arg>
[ ALL] name <arg>
[ ALL] nice <arg>
[ ALL] process <arg>
[UNIX] gid <arg>
[UNIX] group <arg>
[UNIX] mode <arg>
[UNIX] uid <arg>
[UNIX] user <arg>
[ALERT] 142/235237 (75838) : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
[ALERT] 142/235237 (75838) : Fatal errors found in configuration.

Any suggestion on top cipher code for ecommerce site would be great and minimum TLSv1.2 is recommend or required by online community it seem. TLSv3 is not necessary.