ssl sni and client certificate verification

2013-07-02 Thread Hudec Peter
Hi all, The last 2 task I need to to after final decision of the migration from NGINX is 1) SSL SNI with SSL offload As I read the docs, this is supported only in version 1.%, which is still not stable. Is there any way how to do this on 1.$ without nginx as frontend? 2) SSL client verfication

RE: ssl sni and client certificate verification

2013-07-02 Thread Lukas Tribus
Hi Peter! 1) SSL SNI with SSL offload As I read the docs, this is supported only in version 1.%, which is still not stable. Is there any way how to do this on 1.$ without nginx as frontend? SSL offload does work only in 1.5. In 1.4 you need to do this with stunnel or stud, but that's a lot

Re: ssl sni and client certificate verification

2013-07-02 Thread Hudec Peter
To: Hudec Peter phu...@cnc.sk, haproxy@formilux.org haproxy@formilux.org Subject: RE: ssl sni and client certificate verification Hi Peter! 1) SSL SNI with SSL offload As I read the docs, this is supported only in version 1.%, which is still not stable. Is there any way how to do this on 1

Re: ssl sni and client certificate verification

2013-07-02 Thread Baptiste
...@hotmail.com Date: Tuesday, July 2, 2013 10:24 AM To: Hudec Peter phu...@cnc.sk, haproxy@formilux.org haproxy@formilux.org Subject: RE: ssl sni and client certificate verification Hi Peter! 1) SSL SNI with SSL offload As I read the docs, this is supported only in version 1.%, which

Re: ssl sni and client certificate verification

2013-07-02 Thread Hudec Peter
: Re: ssl sni and client certificate verification Hi Peter, A few more information about HAProxy features and client certificate: http://blog.exceliance.fr/2012/10/03/ssl-client-certificate-management-at- application-level/ http://blog.exceliance.fr/2013/06/13/ssl-client-certificate-information

Re: ssl sni and client certificate verification

2013-07-02 Thread Sander Klein
On 02.07.2013 10:39, Hudec Peter wrote: Thanks Lukas, I will try 1.5 version. But for Debian this version is in experimental now ;( I will look if some already done for Wheezy. I have 1.5 packages for amd64 on my site. They are based on the packaging done by Vincent Bernat. They Work For

Re: ssl sni and client certificate verification

2013-07-02 Thread shouldbe q931
On Tue, Jul 2, 2013 at 9:39 AM, Hudec Peter phu...@cnc.sk wrote: Thanks Lukas, I will try 1.5 version. But for Debian this version is in experimental now ;( I will look if some already done for Wheezy. It's really easy to build from source

Re: ssl sni and client certificate verification

2013-07-02 Thread Vincent Bernat
❦ 2 juillet 2013 10:39 CEST, Hudec Peter phu...@cnc.sk : But for Debian this version is in experimental now ;( I will look if some already done for Wheezy. It's really easy to backport the version in experimental for Wheezy: dget