On Fri, Oct 5, 2012 at 11:39 PM, Willy Tarreau <[email protected]> wrote: > On Fri, Oct 05, 2012 at 05:01:39PM -0700, Jesper Noehr wrote: >> >> I realize 1.5-dev12 has SSL support, but this is quite >> >> recent, so we're using the stud->haproxy setup still. >> > >> > I understand :-) There are some brave users anyway who helped us spot >> > a number of issues, but we're not finding that many bugs anymore. >> >> We'd love to have SSL termination inside haproxy for all our needs; >> less moving parts makes these things a lot easier! > > well, we intend to use the upcoming -dev13 in our next aloha LB > appliance, so you can expect that we're doing our best to ensure it > will be rock solid :-) > >> I can reproduce this on a fairly consistent basis on a Windows laptop >> we have sitting around. It fails less often on linux/OSX, if at all. >> We haven't been able to reproduce it on those systems, and we haven't >> had any reports from customers either, although they could've just >> never reported it. > > That's very possible. Everytime I take network traces on a production > system, I ask myself how the hell people don't complain! > >> Is there anything else you can think of? I'm almost willing to try >> anything at this point. > > If you can easily reproduce it with this laptop, it would be interesting > to test it on the LAN and over the net (eg: ADSL line) to see the effect > of latency. I'd really bet it's only a timing issue during some operation. > > You can also sniff the traffic between this laptop and stud, we might > already notice something strange once you isolate a faulty session from > haproxy's logs.
I have a packet dump from a failing session. Can anyone make any sense of this? http://cl.ly/21332L3r1e35 Jesper
