Hi Peter!

> 1) SSL SNI with SSL offload
> As I read the docs, this is supported only in version 1.5, which is still
> not stable. Is there any way to do this on 1.4 without nginx as
> frontend?

SSL offload does work only in 1.5. In 1.4 you need to do this with stunnel
or stud, but that's a lot more complex and error-prone than simply using 1.5.
I'm not sure client verification is supported with stunnel or stud.

I suggest you give haproxy 1.5-dev19 a try. It's already in use by a lot of
people in production despite not being declared stable.



> 2) SSL client verification
> I did not find how to enforce the client verification on the haproxy

On the bind line, add "verify required":
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.1-verify

You will also need to configure the CA file for verification (keyword:
ca-file).


Regards,

Lukas                                     
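
The setup described in this reply, sketched as an haproxy 1.5 configuration. This is an added example, not part of the original message; the file paths, host name, backend names and addresses are placeholders.

```haproxy
# Added example: SSL offload with SNI and mandatory client certificates.
# All paths, names and addresses below are placeholders.
global
    maxconn 2048

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_in
    # crt <directory>: every PEM file in the directory (certificate plus
    #   private key) is loaded, and the one matching the SNI name sent by
    #   the client is presented.
    # ca-file: CA certificate(s) that client certificates must chain to.
    # verify required: the handshake fails unless the client presents a
    #   certificate that validates against ca-file.
    bind :443 ssl crt /etc/haproxy/certs/ ca-file /etc/haproxy/client-ca.pem verify required

    # Route on the SNI name negotiated during the handshake.
    use_backend app_a if { ssl_fc_sni -i a.example.com }
    default_backend app_b

backend app_a
    # Traffic to the backends is plain HTTP after offload.
    server a1 192.0.2.10:8080 check

backend app_b
    server b1 192.0.2.20:8080 check
```

Running `haproxy -c -f <file>` checks the configuration without starting the proxy, which catches a missing or unreadable CA file before a reload.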