On Thu, May 20, 2021 at 01:06:38AM +0300, IL Ka wrote:

> Disclaimer: I am not a network guru, but here is what I know.

Then don't distract the OP with speculative non-answers.

> With CNAME scenario you can't have more than one backend. Because HAProxy
> acts as L4 (TCP) balancer, it has no idea which server you are trying to
> connect to and which server's certificate you are waiting for.

This is false.  All the backend servers present the same certificate
chain, so there's no problem.

> You can't use STARTTLS in this scenario because LoadBalancer is L4 (TCP)
> not L7 (SMTP) hence it doesn't "speak" SMTP.

This is false.  All the backend servers have the same certificate chain.

...

-- 
    Viktor.
