Hello,
2017-12-02 12:32 GMT+01:00 Vincent Bernat <[email protected]>: > If verify mode is set to optional, on browsers, this will still trigger > the dialog box to get a certificate from the user. AFAIK, there is no > way to achieve what Apache is doing using HAProxy: there is no code to > change SSL parameters after initial bind. More specifically this requires SSL renegotiation, which has been removed in TLSv1.3 to further simplify things, so even Apache won't be able to do this once you upgrade to TLSv1.3. So really this should not be used
