❦ 2 décembre 2017 10:47 GMT, "Aleksandar Lazic" <al-hapr...@none.at> :
> You can use the following line to full fill your request, untested. > > bind :443 ssl ca-file "${PATH_TO_CAFILE}" crl-file > "${PATH_TO_CRLFILE}" verify "${VERIFY_MODE}" If verify mode is set to optional, on browsers, this will still trigger the dialog box to get a certificate from the user. AFAIK, there is no way to achieve what Apache is doing using HAProxy: there is no code to change SSL parameters after initial bind. -- If you tell the truth you don't have to remember anything. -- Mark Twain