New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net/haproxy: deciphered SNI check not supported in ACL #1365
Comments
i have find some problem similar to mine here : |
When i edit the file haproxy.conf in /usr/local/etc/haproxy.conf the modification for the haproxy working and tested : |
@ad1rie1 Thanks for your report. So the essence of all this information is:
I've added a new condition "SNI TLS extension matches (locally deciphered)" to support the latter. Furthermore I've improved the wording on the existing options to highlight the difference. This will be available in the upcoming os-haproxy 2.17. |
Hello,
The sni based SNI not work as expected. the haproxy not read or ignore the SNI value.
Lets explain :) :
My client request to the HAProxy a webpage in HTTPS, in this request the SNI field is OK and set with with the servername:
In my condition of Haproxy setting, i have two condition defined :
In this condition i check the name of the server in SNI field :
But the condition is never trigered.
If i negate the condition, it's working fine and the reverse proxy works.
Why this condition not works ? how i can fix it ?
Version :
OPNsense 19.1.9-amd64
FreeBSD 11.2-RELEASE-p10-HBSD
OpenSSL 1.0.2s 28 May 2019
Extention :
Name | HAProxy
Version | 1.8.20
Release_date | 2019/04/25
Dear,
The text was updated successfully, but these errors were encountered: