In TCP mode, HAproxy doesn't actually even terminate SSL, it just passes the packets on to the backend.

	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin
	stats timeout 30s
	user haproxy
	group haproxy

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	mode	http
	option	dontlognull

frontend frontend1
	bind *:8081
	mode tcp
	use_backend backends1

backend backends1
	mode tcp
	balance roundrobin
	server server1 weight 1 maxconn 100 check inter 2000
	server server2 weight 1 maxconn 100 check inter 2000

HaProxy will listen on port 8081 and redirect the traffic between server1 and server2 using roundrobin algorithm.