HAProxy Backend ssl setting bug?
-
As you can see in the picture, I have "SSL" checked, yet unless I add "ssl" to the advanced options it does not work. Looking at the raw config, I get this without me adding "ssl" to the advanced section:
server 1111 1.1.1.1:853 check-ssl check inter 60000 weight 1 verify none
With "ssl" added I then get this:
server 1111 1.1.1.1:853 check-ssl check inter 60000 weight 1 verify none ssl
Shouldn't ssl be added automatically when ssl is checked?
-
Yes and no.. it's, well, 'as designed'.. :/
Anyhow got a change pending on my pc to split the 'ssl-check' and 'ssl encryption' into 2 separate checkboxes.. Then it should make more sense ;) .
-
So what's the point of checking the SSL box then? Especially since it allows you to check that box and then not set anything else for confirming SSL certificates.
As you can see, in my case I just need it to connect to an SSL service, but I'm not doing any SSL checking, at least not yet. I'm using this to forward plain DNS to Cloudflare's TLS DNS.
I guess if you're about to make a change we'll see how that looks.
-
The point of checking the ssl box was that it would perform 'ssl checks' on an https backend that is used with 'mode tcp' / with SNI backend selection.. But it's always been a bit of a strange way to do it like that.. So that will change 'soon' I think/hope, got little stuff to work on too and only so much time to spare ;).
-
But it seemingly wouldn't even use SSL? So how did it check it?
-
By putting the check-ssl keyword in the config.
https://github.com/pfsense/FreeBSD-ports/blob/ae27b1718e27a0655adf27b99fc1df6c90f1c524/net/pfSense-pkg-haproxy-devel/files/usr/local/pkg/haproxy/haproxy.inc#L1120
Anyhow that line will be gone soon..
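-
Added example, not part of the thread and not code from the pfSense HAProxy package: a small Python lint that flags the mismatch discussed above, where a server line carries check-ssl (TLS on the health check only) but not ssl (TLS on the proxied traffic), and also reports verify none. The sample config reuses the two server lines quoted in the thread; the backend name, the "verified" server and the CA path are constructed, and options are matched by simple whitespace tokenising.

```python
# Constructed sample: lines 3 and 4 are the server lines quoted in the thread;
# the backend name, the "verified" server and its CA path are assumptions.
SAMPLE_CFG = """\
backend dns_over_tls
    mode tcp
    server 1111 1.1.1.1:853 check-ssl check inter 60000 weight 1 verify none
    server 1111 1.1.1.1:853 check-ssl check inter 60000 weight 1 verify none ssl
    server verified 1.1.1.1:853 check ssl verify required ca-file /etc/ssl/cert.pem
"""


def audit_server_line(line):
    """Return TLS-related findings for one HAProxy 'server' line."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "server":
        return []
    opts = tokens[3:]                  # everything after: server <name> <addr>
    traffic_tls = "ssl" in opts        # TLS on the proxied connection
    check_tls = "check-ssl" in opts    # TLS on the health check only
    findings = []
    if check_tls and not traffic_tls:
        findings.append("check-ssl without ssl: only the health check uses TLS")
    if "verify" in opts:
        i = opts.index("verify")
        mode = opts[i + 1] if i + 1 < len(opts) else None
        if mode == "none" and (traffic_tls or check_tls):
            findings.append("verify none: server certificate is not validated")
    return findings


def audit_config(text):
    """Return (line number, server name, findings) for each flagged server line."""
    report = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        findings = audit_server_line(line)
        if findings:
            report.append((lineno, line.split()[1], findings))
    return report


if __name__ == "__main__":
    for lineno, name, findings in audit_config(SAMPLE_CFG):
        for finding in findings:
            print(f"line {lineno} server {name}: {finding}")
```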