Hello everyone,
at the moment I am trying to filter via SNI on HAProxy for my SMTPS and IMAPS connections.
It's all working fine when I select the default backend for SMTPS and IMAPS.
So I tried to create a condition where the SNI matches "smtp.mydomain.de" and "imap.mydomain.de".
Then no connection is possible.
The HAProxy is only in TCP mode (working fine when the default backend is selected).
I already did a Wireshark pcap on my WAN interface, where the HAProxy is listening. The first TLS packet shows that the SNI is set correctly: "Client Hello (SNI=smtp.mydomain.de)".
So it seems like HAProxy isn't respecting the SNI.
All updates are installed.
Maybe anyone has an idea.
Did you use ssl_fc_sni, instead of req.ssl_sni? The latter only works with TLS, not with TCP.
Thanks for the reply.
I already enabled strict_sni in my frontend. After that, a connection from Apple Mail is working, but Thunderbird and other clients are not.
Ah, found it. Seems to work now.
Thank you a lot!