Hi Lukas,

Right, "verify required ssl verifyhost www.ham.eggs" fails now as expected.

My initial report that it doesn't work with the "verifyhost" option was not completely right, because in fact we never tried what would happen if we set a non-matching pattern in the "verifyhost" directive. We tested without verifyhost because of lack of knowledge that this would be mandatory. Then it always worked (even with the name mismatch). And we tested with the verifyhost directive, but only with a matching pattern, which also always worked.

Now with the new information, it's clear why this always worked and what we have to do to achieve a correct haproxy config:

-> always use "verify required" *together* with "verifyhost"

I would also vote to change the HAProxy default behavior to be more security-oriented when some directives are not passed. This would on the one hand generate more questions ("why is it not working?"), but on the other hand would give stronger security out of the box.

Thanks for your help!

BR Martin

-----Original Message-----
From: lu...@ltri.eu [mailto:lu...@ltri.eu]
Sent: Monday, 16 July 2018 14:11
To: Martin RADEL <martin.ra...@rbinternational.com>
Cc: haproxy@formilux.org; w...@1wt.eu; m...@gandi.net
Subject: Re: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost"

On Mon, 16 Jul 2018 at 11:57, Martin RADEL <martin.ra...@rbinternational.com> wrote:
>
> Hi,
>
> I think we found the issue:
> Seems that there was a misunderstanding from us regarding the haproxy
> documentation with the "verifyhost" option.
>
> If I get it right, the documentation says that if we have a haproxy
> config that
> - Has "verify required"
> - Does not use SNI
> - Has no "verifyhost"
> Then HAProxy will simply ignore whatever hostname the server sends back in
> its certificate and the handshake will be OK.

Yes, that is correct, also see the verify docs:
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-verify

Not sure how we ended up in this situation though.

I remember there was a vivid discussion about whether "verify" should default to none or required. We opted for "required", to be "secure by default", but this is totally useless given that it requires verifyhost or sni, and will silently disable cert verification when those options are not given. That's probably the worst thing we can do in this case; this configuration should be rejected, imho. People that don't care about cert verification should simply set "verify none".

But here we are now, and this is documented behavior :(

I think this was introduced in 2ab88675, maybe we can change this in 1.9.

> Please can you confirm that our understanding of HAProxy documentation is
> correct?
> If so, then we could mark this topic as "solved" :-)

Yes, but I don't understand, you reported that verification is not happening *with* verifyhost:

> the connection to the backend works all the time, even when there is a name
> mismatch and even if we use the "verify required" option together with
> "verifyhost".

"verify required ssl verifyhost www.ham.eggs" fails as expected for you now, correct?

Thanks,
Lukas
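The three backend variants discussed in this thread, as an added example that is not part of either message: the first is the silently unchecked configuration, the other two pin the expected certificate name. The server addresses and the ca-file path are placeholders; www.ham.eggs is the name used in the thread.

```haproxy
# Added example, not from the mailing-list thread. Addresses and the
# CA bundle path are placeholders.

# Weak: "verify required" validates the chain against the CA bundle,
# but with neither "verifyhost" nor "sni" set HAProxy compares the
# certificate name against nothing, so any certificate issued by a
# trusted CA passes the handshake regardless of the name it carries.
backend app_unchecked
    server app1 10.0.0.11:8443 ssl verify required ca-file /etc/haproxy/ca.pem

# Corrected: name the host that must appear in the server certificate.
# A certificate for any other name now fails the handshake.
backend app_verifyhost
    server app1 10.0.0.11:8443 ssl verify required ca-file /etc/haproxy/ca.pem verifyhost www.ham.eggs

# Alternative: send SNI to the backend; when "verifyhost" is absent the
# SNI value is the name the certificate is checked against.
backend app_sni
    server app1 10.0.0.11:8443 ssl verify required ca-file /etc/haproxy/ca.pem sni str(www.ham.eggs)
```

Run `haproxy -c -f <file>` to validate the syntax; the name check itself only shows up as a failed TLS handshake to the backend when the certificate does not match.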