If there is no difference in the SSL config, we will still have different libraries. Also there have been changes due to SSL vulnerabilities in several versions.
Which exact 7.5.2 version did you use to test?
I was unable to reproduce the issue with 220.127.116.11 but maybe I have used another configuration.
We solve the problem.
This is related to TLS 1.2. We use 18.104.22.168. We defined a fallback to TLS 1.1 and everything works. Nevertheless: TLS 1.2. does not work with this server. (other serves with 1.2 works without any problems)
Other general questions:
- The proxy creates new certificates for the connection with the client.
What will be copied to the new certificate:
The commonname 1:1?
What happens with wildcard zertificates? copies the wildcard CN or does the proxy change the CN to the real one?
What happens to SAN (Subject Alternative Names) ?