Merge pull request #3226 from iqt4/os-haproxy_ssl-healthcheck

net/haproxy: fix HAProxy SSL preferences in healthchecks, closes #3221
opnsense · Feb 7, 2023 · f3bf7e8 · f3bf7e8
2 parents 3c4e3e7 + 75522fd
commit f3bf7e8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -1809,7 +1809,7 @@ backend {{backend.name}}
 {#               # 2. in health checks: to verify *only* health check communication to this server #}
 {#               # When 1. is enabled, health checks are automatically secured. #}
 {#               # Use-case for 2: when using TCP for server communication, but HTTPS for health checks. #}
-{%               if server_data.ssl|default("") == '1' or (healthcheck_enabled == '1' and healthcheck_data.force_ssl|default('') == '1') %}
+{%               if server_data.ssl|default("") == '1' or (healthcheck_enabled == '1' and (healthcheck_data.ssl|default('') == 'ssl' or healthcheck_data.ssl|default('') == 'sslsni')) %}
 {#                 # get status of ssl verification #}
 {%                 set ssl_verify_enabled = '0' %}
 {%                 if helpers.exists('OPNsense.HAProxy.general.tuning.sslServerVerify') and OPNsense.HAProxy.general.tuning.sslServerVerify|default("") != 'ignore' %}