2016-03-17 20:48 GMT+01:00 Aleksandar Lazic <[email protected]>: > Hm I'm not sure if understand this right. > I will try to repeat just to check if I have understand it righ. > > http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#5.1-tls-ticket-keys > > ##### > frontend ssl > bind :443 ssl tls-ticket-keys /myramdisk/ticket-file <= this is a local > file right > stick-table type binary len ?? 10m expire 12h store ??? if { > req.ssl_st_ext 1 } > ###### > > could this pseudo conf snippet work? > What I don't understand is HOW the tls ticket 'distributed to all HAproxy > servers' with the current haproxy options.
If this local file is the same on two servers then those two servers can both resume the same session. Session state is stored on the client (encrypted by the contents of "this local file"). There is no need to distribute anything apart this local file. The downside is that not all clients support this. -- Janusz Dziemidowicz
