Thanks Lukas,

I will try the 1.5 version.

But for Debian this version is in experimental now ;( I will look if some
already done for Wheezy.

        Best regards
                Peter Hudec

-----Original Message-----
From: Lukas Tribus <[email protected]>
Date: Tuesday, July 2, 2013 10:24 AM
To: Hudec Peter <[email protected]>, "[email protected]"
<[email protected]>
Subject: RE: ssl sni and client certificate verification

>Hi Peter!
>
>
>> 1) SSL SNI with SSL offload
>> As I read the docs, this is supported only in version 1.5, which is still
>> not stable. Is there any way to do this on 1.4 without nginx as
>> frontend?
>
>SSL offload does work only in 1.5. In 1.4 you need to do this with stunnel
>or stud, but that's a lot more complex and error prone than to simply use
>1.5.
>I'm not sure client verification is supported with stunnel or stud.
>
>I suggest you give haproxy 1.5-dev19 a try. It's already in use by a lot of
>people in production despite its not being declared stable.
>
>
>
>> 2) SSL client verification
>> I did not find how to enforce the client verification on the haproxy
>
>On the bind line, add "verify required":
>http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.1-verify
>
>You will also need to configure the CA file for verification (keyword:
>ca-file).
>
>
>Regards,
>
>Lukas                                    
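
The two points discussed in this thread (SNI with SSL offload, and enforced client certificate verification via "verify required" plus "ca-file" on the bind line), put together as an added example that is not part of the original emails. It assumes HAProxy 1.5; every path, hostname, address and backend name is a placeholder.

```haproxy
# Added illustration for HAProxy 1.5. All paths, hostnames, addresses and
# backend names below are placeholders, not values from the thread.
global
    maxconn 2048

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https-in
    # "ssl" terminates TLS on this listener (SSL offload).
    # Several "crt" entries may be given: HAProxy presents the certificate
    # matching the SNI name sent by the client; the first one is the default.
    # "ca-file" + "verify required": the handshake fails unless the client
    # presents a certificate that chains to a CA in client-ca.pem.
    # Put only the CA(s) that issue your client certificates in that file,
    # because any certificate chaining to it is accepted.
    bind :443 ssl crt /etc/haproxy/certs/a.example.com.pem crt /etc/haproxy/certs/b.example.com.pem ca-file /etc/haproxy/client-ca.pem verify required

    # Route on the SNI name taken from the TLS handshake.
    use_backend site_a if { ssl_fc_sni -i a.example.com }
    default_backend site_b

backend site_a
    server a1 192.0.2.10:8080 check

backend site_b
    server b1 192.0.2.20:8080 check
```

The file can be syntax-checked before a reload with `haproxy -c -f <config file>`.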
