update readme

2018-07-15 19:14:59 +02:00 · 2018-07-15 19:14:59 +02:00 · 97099b3742
commit 97099b3742
parent 265f66c3bf
1 changed files with 10 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -88,8 +88,10 @@ services:
 ### helloworld with socat

 socat could be handy when you need to see the TLS flow between the reverse
-proxy and a backend. It may also let you secure the traffic between them in
-case when the backend application does not support TLS on its own.
+proxy and a backend.
+
+It may also help you secure the traffic between the reverse proxy and a backend
+in case when the latter service does not support TLS on its own.

 > Minimum socat version should be [1.7.3.2](https://fossies.org/linux/privat/socat-1.7.3.2.tar.gz/socat-1.7.3.2/CHANGES) so it will work with the
 > ECDHE- OpenSSL ciphers.
@ -115,6 +117,12 @@ services:
      traefik.protocol: 'https'
 ```

+If you get ``sslv3 alert bad certificate`` error, then make sure you have
+either updated the CA bundle with your CA file which was used to sign your x509
+certificates at the reverse proxy server or disable TLS verification between
+the reverse proxy and your backend (e.g. Traefik has a global option
+``insecureSkipVerify = true``)
+
 ## Testing

 I have added a simplistic script [testme.sh](testme.sh) that helps to test this