Hi Olivier,
Olivier Doucet wrote:
> Is there a way to not present the first loaded certificate and refuse
> connection instead ?
You can use the strict-sni argument on the bind line to force the client
to speak SNI and refuse the TLS handshake otherwise.
See the documentation for details at
Hello,
I'm actually using HTTPS/SNI on HAProxy 1.6
Documentation states the following :
"If no SNI is provided by the client or if the SSL library does not support
TLS extensions, or if the client provides an SNI hostname which does not
match any certificate, then the first loaded certificate
2 matches
Mail list logo