Hello !

Many thanks for your help

I'm using Apache web server 2.4.x 
I used three browsers under MS Windows 7 Professional Service Pack 1 64-bit 
operating system

Windows Internet Explorer Version 9.0.8112.16421 Update Versions 9.0.23 Cipher 
Strength 256-bit
Firefox  25.0.1
Google Chrome Version 31.0.1650.63 m

I will try tcpdump to collect information about server and browser SSL session 
IDs.

Some questions:
If I understood you correctly, you suspect that SSL sessions are changing all the 
time. What software is responsible for changing the SSL session ID - browser, Apache 
web server?!
Does this mean that the browser can't be used with HAProxy with SSL session affinity 
- sticky SSL sessions!?

Lauri-Alo Adamson

-----Original Message-----
From: Cyril Bonté [mailto:[email protected]] 
Sent: Saturday, January 04, 2014 9:26 PM
To: Lauri-Alo Adamson; [email protected]
Cc: Lukas Tribus
Subject: Re: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons 
are not working in my environment

Hi,

Le 04/01/2014 20:09, Lauri-Alo Adamson a écrit :
> Are you tcpdumping the frontend traffic?
> If understood correctly tcpdump displays encrypted traffic without 
> necessary information about affinity

Yes it does. This will allow you to check the SSL session id in each 
ClientHello/ServerHello message. From what I've read in the thread, I'm pretty 
sure your ID is changing all the time.

Oh btw, you didn't say which browser you were using (and the version).

> < Are you sure your backend servers have a session cache enabled and working?
> Person who configured these apache server ensures that these things are 
> working. I tried source ip based affinity/stickiness and all 
> worked as expected 
> (http://blog.exceliance.fr/2011/07/12/send-user-to-the-same-backend-for-both-http-and-https/)

Yes sticking on the source ip is a better idea (even if it is not perfect for 
all usages).

--
Cyril Bonté
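
Added example, not part of the original thread: a small Python parser for the check discussed above, reading the session id out of a ClientHello/ServerHello record as seen in a capture and reporting whether the id offered by the client was kept by the server. It assumes session-ID resumption as in TLS 1.2 and earlier and one unfragmented hello per record; the function names and the sample records are constructed for illustration.

```python
HELLO = {1: "ClientHello", 2: "ServerHello"}

def hello_session_id(record: bytes):
    """Return (message name, session_id) from one TLS record carrying a hello."""
    if len(record) < 9 or record[0] != 0x16:          # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(body) < 4 or body[0] not in HELLO:
        raise ValueError("not a ClientHello/ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # version (2 bytes) and random (32 bytes) precede the session_id length byte
    if len(hello) < 35:
        raise ValueError("truncated hello")
    sid_len = hello[34]
    if sid_len > 32 or len(hello) < 35 + sid_len:
        raise ValueError("bad session_id length")
    return HELLO[body[0]], hello[35:35 + sid_len]

def classify(connections):
    """For each (ClientHello, ServerHello) pair, say whether the session resumed."""
    results = []
    for client_rec, server_rec in connections:
        offered = hello_session_id(client_rec)[1]
        issued = hello_session_id(server_rec)[1]
        if not offered:
            results.append("new: client offered no id")
        elif offered == issued:
            results.append("resumed: id unchanged")
        else:
            results.append("new: offered id not accepted")
    return results

def build_hello(msg_type: int, session_id: bytes) -> bytes:
    """Constructed sample record (TLS 1.0 framing, zeroed random)."""
    hello = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += b"\x00\x02\x00\x2f\x01\x00" if msg_type == 1 else b"\x00\x2f\x00"
    handshake = bytes([msg_type]) + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

ID_A, ID_B = bytes([0xAA]) * 32, bytes([0xBB]) * 32   # constructed session ids
SAMPLE = [
    (build_hello(1, b""), build_hello(2, ID_A)),      # first visit
    (build_hello(1, ID_A), build_hello(2, ID_A)),     # server still has the session
    (build_hello(1, ID_A), build_hello(2, ID_B)),     # id changed on the server side
]

if __name__ == "__main__":
    for line in classify(SAMPLE):
        print(line)
```

A run of "new: offered id not accepted" results across consecutive connections from the same browser is the "ID is changing all the time" case, where stickiness keyed on the session id has nothing stable to match.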
