On Tue, Sep 9, 2014 at 11:37 PM, Shawn Heisey <[email protected]> wrote: > On 9/3/2014 4:40 PM, Shawn Heisey wrote: >> I am having some problems with SSL negotiation taking a really long >> time. There were 20 seconds between client hello and server hello on >> one session noticed with a packet capture, 28 seconds on another. >> Currently that connection is being handled by a load balancer based on >> the LVS-NAT solution - the linux kernel. > > Did anyone have any ideas on this? See the original message (2014/09/03 > at 22:40 UTC) for full details. I'm having very long SSL negotiation > with a load balancer other than haproxy, hoping haproxy will fix it, but > the logging available won't tell me whether it's fixed or not. > > I am having a different problem specifically with haproxy that I will > put in another email thread. > > Thanks, > Shawn > >
Hi Shawn, Please explain how your LB layers are architectured Also, if you're able to reproduce easily the problem, out of production, then a tcpdump + strace of HAProxy may help. Share them privately if you want. Baptiste
