Hello,
On 22 May 2018 at 15:26, Lukas Tribus <[email protected]> wrote: > Hello Emeric, > > > On 22 May 2018 at 14:44, Emeric Brun <[email protected]> wrote: >> Hi Lukas, >> >> I've just made some tests using openssl-1.1.1-pre6 and can't reproduce the >> issue. >> >> here my simple configuration: >> frontend my >> mode http >> bind :443 ssl crt default strict-sni >> redirect location / >> >> (default certificate CN is aloha) >> >> I've tested with openssl-1.1.1-pre6 as client without issue (same thing >> with 1.0.2g) >> >> openssl s_client -connect 10.0.3.168:443 -tls1_1 -servername aloha >> HS => OK >> openssl s_client -connect 10.0.3.168:443 -tls1 -servername aloha >> HS => OK >> openssl s_client -connect 10.0.3.168:443 -tls1 -servername foobar >> HS => KO >> >> My haproxy sources are latest 1.8 + some backports from dev branch >> >> Do you have any specific parameter related to ssl in your global section? I've confirmed the change in behavior only happens with an ECC certificate, an RSA certificate is not affected. Can you retry with an ECC cert? Thanks, Lukas
