Aleks, Am 16.05.19 um 18:36 schrieb Aleksandar Lazic: > I will only accept requests which have sni and only when they are client > requests.
Consider using strict-sni then: https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.1-strict-sni I use it for all my configs without issue. The nice benefit is that HAProxy never ever presents some kind of default certificate and instead "cleanly" fails with a TLS error instead of just dropping the connection. Best regards Tim Düsterhus
