Haproxy SSL/TLS Passthrough Proxy not working?

Joshua · April 3, 2022, 6:13am

I want to setup haproxy as simple tcp-proxy. Below is my configuration. When I try to send e-mail via Thunderbird(pointing smtp to ip_of_my_host:8123) or simple python script I get an error about not valid certificate or certificate error. I thought Layer 4 doesn’t care about it at all. Isn’t SSL/TLS a L7 feature? So how setup it properly?

frontend smtp
  bind *:8123
  mode tcp
  default_backend smtp-backend

  backend smtp-backend
  mode tcp
  server s1 smtp.gmail.com:465

With SSL Pass-Through, no SSL certificates need to be created or used within HAproxy. The backend servers can handle SSL connections just as they would if there was only one server used in the stack without a load balancer.

So what’s wrong with my configuration? I want end smtp server to handle certificates.

Markus · April 4, 2022, 10:33am

one quick guess:

your client sends request to 1.2.3.4:8123 but gets an certificate with smtp.gmail.com. in this case “1.2.3.4” != “smtp.gmail.com” and so the complaint is correct. client always match the name/domain of SSL Certificate with the url/domain entered in the adress bar.

Topic		Replies	Views
TCP mode passthrough - Client ip Help!	0	387	March 11, 2024
HAproxy SMTP mail config Help!	3	4249	August 21, 2023
Haproxy SSL pass through Help!	4	1470	September 9, 2021
HAProxy not passing through user certificate Help!	1	1056	November 3, 2016
Not working in TCP mode Help!	10	894	July 23, 2024

Haproxy SSL/TLS Passthrough Proxy not working?

Related topics