Hello Aleksandar

On 3/17/2016 6:00 PM, Aleksandar Lazic wrote:
> Okay I'm now lost 8-O
>
> please can anyone help me to understand how the flow works.
>
> 1st Request
> client -> ssl handshake -> haproxy server 1 (tls ticket?!)
>
> 2nd Request
> Same client -> ssl handshake -> haproxy server 2 (tls ticket?!)
>

I'll just oversimplify everything :)

The TLS ticket is maintained on the client side and contains an encrypted session state which can be used to resume a TLS session. The keys for decrypting this information are distributed to all HAProxy servers so that any server might resume the session.

What you are specifying in the tls-ticket-keys file are the encryption (and decryption) keys.

Regards,
Nenad
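An added example, not part of the original e-mail or of HAProxy's code: a check that a ticket issued by one server can be decrypted by another, given the contents of each server's tls-ticket-keys file. It assumes the behaviour described in HAProxy's documentation (base64 keys of 48 or 80 bytes, at least three per file, the last three active, the penultimate one used for encryption); the function names and sample keys are constructed for illustration.

```python
import base64
import binascii
import hashlib

KEYS_USED = 3  # HAProxy's default TLS_TICKETS_NO (assumption from its docs)

def load_ticket_keys(text):
    """Parse tls-ticket-keys content: one base64 key per line, 48 or 80 bytes."""
    keys = []
    for number, line in enumerate(text.split(), 1):
        try:
            raw = base64.b64decode(line, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"key {number}: invalid base64") from exc
        if len(raw) not in (48, 80):
            raise ValueError(f"key {number}: {len(raw)} bytes, expected 48 or 80")
        keys.append(raw)
    if len(keys) < KEYS_USED:
        raise ValueError(f"need at least {KEYS_USED} keys, found {len(keys)}")
    if len({len(k) for k in keys}) > 1:
        raise ValueError("mixed 48- and 80-byte keys")
    return keys[-KEYS_USED:]  # only the last KEYS_USED keys are active

def can_resume(issuer_file, acceptor_file):
    """True if a ticket issued under issuer_file decrypts under acceptor_file."""
    encrypt_key = load_ticket_keys(issuer_file)[-2]  # penultimate key encrypts
    return encrypt_key in load_ticket_keys(acceptor_file)

def demo_key(label):
    # Constructed 48-byte sample key; real keys must come from a CSPRNG.
    return base64.b64encode(hashlib.sha384(label.encode()).digest()).decode()

K1, K2, K3, K4 = (demo_key(f"demo-{i}") for i in range(1, 5))
SERVER1 = "\n".join([K1, K2, K3])              # constructed file on server 1
SERVER2_SAME = "\n".join([K1, K2, K3])         # identical copy on server 2
SERVER2_ROTATED = "\n".join([K1, K2, K3, K4])  # server 2 already appended K4
SERVER2_OWN = "\n".join(demo_key(f"other-{i}") for i in range(3))  # never synced

if __name__ == "__main__":
    for name, other in [("same", SERVER2_SAME), ("rotated", SERVER2_ROTATED),
                        ("unshared", SERVER2_OWN)]:
        print(name, can_resume(SERVER1, other), can_resume(other, SERVER1))
```

With one key appended on only one server, resumption still works in both directions; with files that were never synchronized, the second server cannot decrypt the ticket and the client falls back to a full handshake.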

