Hi Lukas,

On Tue, Jun 25, 2013 at 09:31:15AM +0200, Lukas Tribus wrote:
> Hi Willy,
> 
> 
> > Oh crap, you're right! In fact we put "verify", "ca-file" and "crl-file"
> > on the server side in 1.5-dev13 while SSL alone was in 1.5-dev12. And of
> > course the doc was not updated. That explains a lot of things!
> 
> Oh, great. I see you already updated the docs.
> 
> What I'm asking myself:
> is it a good idea to default to "verify none", instead of "verify required"
> on the backend? Incomplete configurations will be vulnerable to MITM.

Yes but most users of this will in fact just want to recipher when connecting
to the local server haproxy was installed in front of because they don't know
how to make it accept non-ssl connections. And that's a fairly common case
with certain products or commercial applications. For example some applications
will automatically build "https://" links only if the connection was accepted
over SSL. Then in this case, SSL is used as HTTP, but provides additional
connectivity.

> Usually applications default to the secure behavior with the possibility to
> connect without server certificate verification (this way, they are forcing
> the user to at least think about certificate validation if it's not OK).
> 
> Otherwise users may simplify with the it's-ssl-so-it's-secure thinking.

In fact I think that the statement in the doc is clear enough about this.
Since "verify" would not work without a "cafile" setting, it would be quite
annoying.

> If we want to change the default-behavior, I would rather do it now - short
> and sweet - than when we are closer to a stable release.

Honestly, I'd rather avoid it given the usage that is made of haproxy. It
would only increase the error reports on the list.

Best regards,
Willy
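
One way to catch the incomplete configurations discussed in this thread, as an added example that is not part of the e-mail or of HAProxy itself: a small Python check that flags backend `server` lines using `ssl` without both `verify required` and `ca-file`. The sample configuration, server names, addresses and CA path are constructed, and the check assumes options are set on each `server` line (it does not resolve `default-server` inheritance).

```python
# Added example: audit haproxy "server" lines for unverified backend SSL.
# Constructed sample configuration; names, addresses and paths are placeholders.
SAMPLE_CFG = """\
backend local_recipher
    server app1 127.0.0.1:8443 ssl verify none
backend implicit_default
    server app2 192.0.2.10:443 ssl
backend verified
    server app3 192.0.2.20:443 ssl verify required ca-file /etc/haproxy/backend-ca.pem
backend broken_verify
    server app4 192.0.2.30:443 check ssl verify required
backend cleartext
    server app5 192.0.2.40:80 check
"""


def audit_backend_ssl(cfg_text):
    """Return (line_no, server_name, finding) for each ssl server line
    that does not verify the server certificate against a CA file."""
    findings = []
    for line_no, raw in enumerate(cfg_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        # Layout: server <name> <address> [options...]
        if len(tokens) < 4 or tokens[0] != "server" or "ssl" not in tokens[3:]:
            continue
        name, opts = tokens[1], tokens[3:]
        # "verify" and "ca-file" each take one argument, so neither can be last.
        verify = opts[opts.index("verify") + 1] if "verify" in opts[:-1] else None
        has_ca = "ca-file" in opts[:-1]
        if verify == "required" and has_ca:
            continue  # certificate is checked against a CA
        if verify == "required":
            findings.append((line_no, name, "verify required without ca-file"))
        elif verify == "none":
            findings.append((line_no, name, "explicit verify none"))
        else:
            findings.append((line_no, name, "ssl without verify (defaults to none)"))
    return findings


if __name__ == "__main__":
    for line_no, name, finding in audit_backend_ssl(SAMPLE_CFG):
        print(f"line {line_no}: server {name}: {finding}")
```

A server that only reciphers to a local application, as described in the reply, will still be reported as "explicit verify none"; the point is that the choice is visible and reviewed rather than inherited silently.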

