Hi, Olivier, thanks for the effort. So can we force the server always to carry data to remote via 0RTT like the below scenario (to protect http2http in unsecured env)?

listen http -- server default x.x ssl allow-0rtt ----(SSL)---- bind x.x ssl allow-0rtt -- http backend

On Sat, May 4, 2019 at 3:06 AM Olivier Houchard <[email protected]> wrote:
>
> Hi Igor,
>
> On Fri, May 03, 2019 at 05:21:50PM +0800, Igor Pav wrote:
> > Just tested with openssl 1.1.1b and haproxy 1.9.7, it appears no
> > success, you are right :)
> >
>
> Indeed :)
> I just pushed commit 010941f87605e8219d25becdbc652350a687d6a2 to master, that
> lets me do 0RTT both as server and as client. This should be backported to
> 1.8 and 1.9 soon.
> Please note, however, that we will only attempt to connect to a server
> using 0RTT if the client did so, as we have to be sure the client supports it,
> in case it receives a 425.
> This may change in 2.0, if we add the ability to retry failed requests.
>
> Regards,
>
> Olivier

