The beast attack on SSL isn’t new, but we have not yet published an article to explain how to mitigate it with ALOHA or HAProxy.
First of all, to mitigate this attack, you must use the Load-Balancer as the SSL endpoint, then just append the following parameter on your HAProxy SSL frontend:
For the ALOHA Load-Balancer:
bind 10.0.0.9:443 name https ssl crt domain ciphers RC4:HIGH:!aNULL:!MD5
For HAProxy OpenSource:
bind 10.0.0.9:443 name https ssl crt /path/to/domain.pem ciphers RC4:HIGH:!aNULL:!MD5
As you may have understood, the most important part is the ciphers RC4:HIGH:!aNULL:!MD5 directive, which can be used to force the cipher used during the connection and to force it to be strong enough to resist to the attack.
Related Links
http://blog.zoller.lu/2011/09/beast-summary-tls-cbc-countermeasures.html
https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls