HAproxy servers: Disable SSL verification

[jpawlowski]

When enabling SSL in server configurations, default value "no verify" should be added (=default behavior in pfSense).

[fraenki]

Thanks for your report! The HAProxy documentation clearly states:

It is critically important to verify server certificates when using SSL to connect to servers, otherwise the communication is prone to trivial man-in-the-middle attacks rendering SSL totally useless.

I agree with this statement and don't think it's a good idea to set the default to verify none. Instead we'll be using HAProxy's default of verify required.

I understand that it might be reasonable to disable SSL verification globally, that's why I've introduced a new option in General settings -> Global parameters: "Verify SSL Server Certificates". If you set this to "disable verify" it will disable verification for all servers. This even overrides the per-server configuration. (Of course it is also possible to enforce verification.)

[fraenki]

@jpawlowski: All fixes will be available with tomorrows 16.7.1 release. I'd love to hear your feedback.

[fraenki]

@fichtner: I think this issues can be closed now.