Text only | Text with Images

OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: Tubs on January 31, 2024, 08:09:54 PM

Title: HAProxy - wrong ssl certificater after upgrade to 24.1
Post by: Tubs on January 31, 2024, 08:09:54 PM
Hello,

for the issue with IDS not workong after update I could find quickly here the solution.
Now I have detected the second issue after update to 14.1.

I use HAProxy in a mix of SNI frontend (TCP type) and https frontend (SSL offloading). For offloading I use two hostnames with two ssl certificates that will will use two different backend servers.

Since the update the wrong certificate of the both is getting provided to the client. Backend selection is as expected. This setup is running since years. It broke when I upgraded to 14.1 yesterday.
Title: Re: HAProxy - wrong ssl certificater after upgrade to 24.1
Post by: amichel on January 31, 2024, 08:33:38 PM
Hi,
maybe you face the issue described here:
https://forum.opnsense.org/index.php?topic=38435.0 (https://forum.opnsense.org/index.php?topic=38435.0)
Title: Re: HAProxy - wrong ssl certificater after upgrade to 24.1
Post by: Tubs on February 02, 2024, 08:30:55 PM
Thank you.
This looks like the issue I am facing.
Text only | Text with Images