We are planning to release it later this year. Aki
> On October 26, 2017 at 3:13 PM KT Walrus <[email protected]> wrote: > > > When is 2.3 scheduled to be released? > > Kevin > > > On Oct 26, 2017, at 7:57 AM, Aki Tuomi <[email protected]> wrote: > > > > Hi! > > > > There is support for haproxy SSL TLVs in 2.3. See > > > > https://github.com/dovecot/core/compare/f43567aa%5E...b6fbc235.patch > > > > Aki > > > >> On October 26, 2017 at 12:25 PM Rok Potočnik <[email protected]> wrote: > >> > >> > >> Even though it seems dovecot (using 2.2.33.1) supports haproxy's > >> send-proxy-v2, it seems to lack send-proxy-v2-ssl (which also sends > >> client's ssl state). It would be a nice feature for the backend server > >> to identify clients so one wouldn't have to use disable_plaintext_auth > >> on a production environment. > >> > >> --- haproxy.cfg > >> frontend pop3 > >> bind [::]:110 v4v6 > >> bind [::]:995 v4v6 ssl crt /etc/pki/tls/private/haproxy.pem > >> mode tcp > >> default_backend pop3 > >> backend pop3 > >> mode tcp > >> balance leastconn > >> stick store-request src > >> stick-table type ip size 200k expire 30m > >> timeout connect 5000 > >> timeout server 50000 > >> server proxy1 [2001:db8::11]:10110 send-proxy-v2-ssl > >> server proxy2 [2001:db8::22]:10110 send-proxy-v2-ssl > >> --- > >> > >> --- dovecot.conf > >> haproxy_trusted_networks = [2001:db8::]/64 > >> service pop3-login { > >> inet_listener pop3_haproxy { > >> port = 10110 > >> haproxy = yes > >> } > >> } > >> --- > >> > >> It would also be nice if haproxy would support STARTTLS offloading but > >> that's a subject for a different mailing list ;) > >> > >> -- > >> BR, Rok
