Hey Willy, This is what the docs say:
"This option enables SSL ciphering on outgoing connections to the server. At the moment, server certificates are not checked, so this is prone to man in the middle attacks." If I got Lukas and Qingshan right, that's what they are discussing. On 06/25/2013 01:36 AM, Willy Tarreau wrote: > On Tue, Jun 25, 2013 at 01:23:12AM +0200, Lukas Tribus wrote: >>> Yes, this is on the roadmap for implementation before 1.5 becomes stable >>> afaik. >> >> Actually, I don't see this in the ROADMAP file, so this was probably >> incorrect, although I believe I've read it somewhere. >> >> Willy, is backend server certificate validation planned? > > No because it's already implemented! From the beginning I have refused > SSL on the backend without certificate verification because it would be > useless. So from the first introduction of SSL to the servers, we had > the feature. Or am I missing something ? > > Willy > > Regards, -- Nenad Merdanovic | PGP: 0x423edcb2 | Web: http://nimzo.info Linkedin: http://www.linkedin.com/in/nenadmerdanovic
