Hi, I'm running into a problem when using HTTP pipelining (SVN client) with an HAProxy SSL frontend. It appear that sometimes (randomly) after several pipelined requests have been processed, the next pipelined request on the same SSL socket is simply ignored, as if the request has not been read from the TLS stream.
The client hangs waiting for a response, and the server idles (calling poll). The behaviour can be observed when using an SSL (HTTPS) listener, but not when using a regular HTTP listener. It occurs when using poll, epoll, and select modes. It does not occur when using stud as a standalone TLS proxy in front of HAProxy. As per my previous bug report, the client is on a slow DSL connection and the backend on a gigabit connection. I am also running a patch provided by Willy for my previous bug. I hope this is not relevant. Please find the following potentially useful files at http://nutty.tk/haproxy-4.tar.gz (too large for email) * Configuration file * Packet trace (Backend HTTP + Frontend HTTPS) * strace -o log -qvxT -tts 16384 -p 13865 * SVN Client output * TLS key and certificate Sorry for making work for you this week! Version information: HA-Proxy version 1.5.13 2015/06/26 Copyright 2000-2015 Willy Tarreau <[email protected]> Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -fno-strict-aliasing OPTIONS = USE_OPENSSL=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built without zlib support (USE_ZLIB not set) Compression algorithms supported : identity Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014 Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built without PCRE support (using libc's regex instead) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Charlie Charlie Smurthwaite aTech Media tel. 01202 901 222 (ext. 603) email. [email protected]<mailto:[email protected]> web. atechmedia.com<http://atechmedia.com> aTech Media Limited is a registered company in England and Wales. Registration Number 5523199. Registered Office: Unit 9 Winchester Place, North Street, Poole, Dorset, BH15 1NX. VAT Registration Number: GB 868 861 560. This e-mail is confidential and for the intended recipient only. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender.
