On Sun, Sep 2, 2018 at 5:29 AM Lukas Tribus <[email protected]> wrote:
> You might be able to do with a dedicated backend and a 503 errorfile.
>
> backend generate_421
>     errorfile 503 /etc/haproxy/421misdirect.http
>
> With appropriate content in /etc/haproxy/421misdirect.http

I'll give this a try and see if browsers respond the way I need them to.

> Would you mind elaborating why you want to close the TLS connection,
> for a better understanding of the use-case?

My use-case is for TLS client certificate authentication. In my
configuration, client certificates are optional for the site as a whole,
but required to perform certain actions on it. If a user visits the site
without the client certificate, inserts their smart card, and then tries
to perform an action that requires a certificate, the browser will reuse
the TLS connection without it, so the action will fail. I need the
browser to establish a new TLS connection so that it will use the client
certificate that is now present.

Joseph C. Sible
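
The following configuration sketch is an added example, not part of the original message or of either poster's setup. It shows how the suggested errorfile backend could be wired to the optional-client-certificate case described above. The frontend name, certificate paths, the /secure/ prefix, the app backend and the errorfile body are all assumptions.

```haproxy
# Added illustration. Names, paths and the /secure/ prefix are assumptions.
frontend fe_https
    mode http
    # Request a client certificate during the handshake, but do not require it.
    bind :443 ssl crt /etc/haproxy/site.pem ca-file /etc/haproxy/client-ca.pem verify optional

    # Hypothetical rule: requests under /secure/ need a client certificate.
    acl needs_cert path_beg /secure/
    # ssl_c_used is true when the current TLS session uses a client certificate.
    acl has_cert ssl_c_used

    # A certificate-less connection asking for a protected action gets the 421.
    use_backend generate_421 if needs_cert !has_cert
    default_backend app

backend generate_421
    mode http
    # No servers are defined, so HAProxy answers every request with its 503,
    # and the errorfile replaces that response with the raw file below.
    errorfile 503 /etc/haproxy/421misdirect.http

backend app
    mode http
    server app1 127.0.0.1:8080

# Assumed content of /etc/haproxy/421misdirect.http. An errorfile is a
# complete raw HTTP response: status line, headers, blank line, body.
#
#   HTTP/1.1 421 Misdirected Request
#   Cache-Control: no-cache
#   Connection: close
#   Content-Type: text/plain
#
#   A client certificate is required for this action.
```

The configuration can be syntax-checked with `haproxy -c -f <file>`. Whether a given browser reacts to the 421 by opening a new TLS connection is the open question in this thread and has to be tested per browser.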

