Re: Client cert verification on some paths

2017-12-04 Thread Lukas Tribus
continuing ... 2017-12-04 9:21 GMT+01:00 Lukas Tribus : > More specifically this requires SSL renegotiation, which has been > removed in TLSv1.3 to further simplify things, so even Apache won't be > able to do this once you upgrade to TLSv1.3. > > So really this should not be used ... ... otherwi

Re: Client cert verification on some paths

2017-12-04 Thread Lukas Tribus
Hello, 2017-12-02 12:32 GMT+01:00 Vincent Bernat : > If verify mode is set to optional, on browsers, this will still trigger > the dialog box to get a certificate from the user. AFAIK, there is no > way to achieve what Apache is doing using HAProxy: there is no code to > change SSL parameters aft

Re: Client cert verification on some paths

2017-12-02 Thread Vincent Bernat
❦ 2 December 2017 10:47 GMT, "Aleksandar Lazic"  : > You can use the following line to fulfill your request, untested. > > bind :443 ssl ca-file "${PATH_TO_CAFILE}" crl-file > "${PATH_TO_CRLFILE}" verify "${VERIFY_MODE}" If verify mode is set to optional, on browsers, this will still trigge

Re: Client cert verification on some paths

2017-12-02 Thread Joao Morais
> On 2 Dec 2017, at 08:47, Aleksandar Lazic > wrote: > > From: "Joao Morais" sent: 02.12.2017 00:53:33 > >> Hi, I have some apps that need to mimic an Apache httpd behavior on client >> certificate verification: require certificate only on some paths. >> >> Apache does this im

Re: Client cert verification on some paths

2017-12-02 Thread Aleksandar Lazic
Hi. -- Original message -- From: "Joao Morais" To: "HAproxy Mailing Lists" Sent: 02.12.2017 00:53:33 Subject: Client cert verification on some paths Hi, I have some apps that need to mimic an Apache httpd behavior on client certificate verification: require

Client cert verification on some paths

2017-12-01 Thread Joao Morais
Hi, I have some apps that need to mimic an Apache httpd behavior on client certificate verification: require certificate only on some paths. Apache does this implementing SSL renegotiation as briefly explained here[1]. Of course I can `mode tcp` proxy to an Apache instance to do that for me but