On Thu, May 20, 2021 at 01:06:38AM +0300, IL Ka wrote:
> Disclaimer: I am not a network guru, but here is what I know.

Then don't distract the OP with speculative non-answers.

> With CNAME scenario you can't have more than one backend. Because HAProxy
> acts as L4 (TCP) balancer, it has no idea which server you are trying to
> connect to and which server's certificate you are waiting for.

This is false. All the backend servers present the same certificate
chain, so there's no problem.

> You can't use STARTTLS in this scenario because LoadBalancer is L4 (TCP)
> not L7 (SMTP) hence it doesn't "speak" SMTP.

This is false. All the backend servers have the same certificate chain.
...
--
Viktor.