Trying to re-establish SSL for connection to TCP backend


#1

Greetings all,

We have a requirement to terminate SSL for a TCP protocol (ActiveMQ Openwire) using HAProxy, and then forward the request over SSL to the backend ActiveMQ broker.

It looks something like this:

client --> Openwire over SSL --> HAProxy (terminates SSL) --> Openwire over SSL --> backend ActiveMQ broker

Is this possible with HAProxy?

I’m able to terminate SSL and forward the unencrypted request to the backend, but I cannot figure out how to make the request from HAProxy to the backend over SSL.

I am using HA-Proxy version 1.5.14

Regards,
Jeff


#2

you can do that. you might have to tell it which hostname to expect in the ssl cert from the backend. (tested with 1.6) see verifyhost option for the server statement.