Am 16.05.2019 um 20:30 schrieb Tim Düsterhus: > Aleks, > > Am 16.05.19 um 18:36 schrieb Aleksandar Lazic: >> I will only accept requests which have sni and only when they are client >> requests. > > Consider using strict-sni then: > https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.1-strict-sni > > I use it for all my configs without issue. The nice benefit is that > HAProxy never ever presents some kind of default certificate and instead > "cleanly" fails with a TLS error instead of just dropping the connection.
Cool tip thanks. > Best regards > Tim Düsterhus Regards Aleks
