HAproxy

Haproxy doesn't pass X-SSL-Client-Verify header, why?

Hello.

I'm trying to activate mutual auth on haproxy and pass the necessary headers to the backend, which unfortunately do not reach.

haproxy config:

listen test
        bind :80
        bind :443 ssl crt /etc/ssl/certs/pem.pem ca-file /etc/ssl/certs/pem.crt verify optional
        http-request set-header X-SSL                       %[ssl_fc]
        http-request set-header X-SSL-Client-Verify         %[ssl_c_verify]
        http-request set-header X-SSL-Client-SHA1           %{+Q}[ssl_c_sha1]
        http-request set-header X-SSL-Client-DN             %{+Q}[ssl_c_s_dn]
        http-request set-header X-SSL-Client-CN             %{+Q}[ssl_c_s_dn(cn)]
        http-request set-header X-SSL-Issuer                %{+Q}[ssl_c_i_dn]
        http-request set-header X-SSL-Client-Not-Before     %{+Q}[ssl_c_notbefore]
        http-request set-header X-SSL-Client-Not-After      %{+Q}[ssl_c_notafter]

        option httpchk GET /
        http-check expect status 404
        server kwv051 kwv051.my.com:80 check
        server kwv052 kwv052.my.com:80 check
        server kwv053 kwv053.my.com:80 check
        server kwv054 kwv054.my.com:80 check

In the php container, I am dumping server data - none of the above headers is present.
print_r($GLOBALS);

Previously, I implemented the scheme through the Ingress-controller, but the problem is that I need a cache of ssl sessions, and since it’s impossible to share the cache between several ingresses, and there is a “very” need for several ingress instances, I’m trying to implement through haproxy

Ingress annotations, which worked (just in case..):
nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional"
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "3"
nginx.ingress. kubernetes.io/auth-tls-secret: "ns/mutualauth"

Please tell me where to look, how to fix it?

HA-Proxy version 2.0.13-2ubuntu0.1 2020/09/08
K8s 1.20.