1 /I have nothing in the "global settings" of the haproxy regarding SSL. 2 / I have nothing about SSL in /etc/apache2/mods-enabled/ssl.conf. 3 / Include Optional conf-enabled / *. Conf no SSL option. 4 / Include Optional sites-enabled SSL configurations are found by default in vhost. I'm doing an apache2ctl -S the first vhost is dev.dsden60.ac-amiens.fr Code: 192.168.236.50:443 is a NameVirtualHost default server dev.dsden60.ac-amiens.fr (/etc/apache2/sites-enabled/100-dev.dsden60.ac-amiens.fr.vhost:110) port 443 namevhost dev.dsden60.ac-amiens.fr (/etc/apache2/sites-enabled/100-dev.dsden60.ac-amiens.fr.vhost:110) alias dev.dsden60.ac-amiens.fr port 443 namevhost gdmat.dsden60.ac-amiens.fr (/etc/apache2/sites-enabled/100-gdmat.dsden60.ac-amiens.fr.vhost:116) alias gdmat.dsden60.ac-amiens.fr I have just modified the option as follows in dev.dsden60.ac-amiens.fr: Code: SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 this applied to all sites after checking on Qualys SSL Labs site: Code: Overall Rating = A & Protocol Support = TLS 1.3 TLS 1.2 and always "Protocol or cipher suite mismatch" errors with TLS 1.3 protocol We went from 17s to 10s of SSL negotiation, capture attached. I do not understand why by acting on the first vhost 443 by default this has repercussions on all the sites (vhost). I understand that the default server is just the first one encountered for the port because Apache parses the config / vhost files. But why by acting on the first vhost 443 by default this has an impact on all the sites (vhost).