On 17/03/2016 12:26 PM, Nenad Merdanovic wrote:
> Hello Gary,
>
> On 3/17/2016 11:51 AM, Gary Barrueto wrote:
>>
>> While that would help a single server, how about when dealing with multi
>> servers + anycast: Has there been any thoughts about sharing ssl/tls
>> session cache between servers? Like how apache can use memcache to store
>> its cache or how Cloudflare used/patched openresty to do the same recently.
>>
>
> HAproxy can load TLS ticket keys from file, which can be distributed by
> a central server. That way the information is kept on the client side
> and can be reused by any server in the anycasted pool.
>
> https://cbonte.github.io/haproxy-dconv/configuration-1.6.html#5.1-tls-ticket-keys
>
I am working (not very actively) on a solution which utilizes this. It will use www.vaultproject.io as a central store, a generating engine and a pull/push mechanism in place. But, the current version of HAProxy doesn't support different TLS tickets per frontend, which I would like to use.

Cheers,
Pavlos
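The ticket key file discussed in this thread can be rotated on the central host as sketched below. This is an added example, not code from either poster or from HAProxy; the function names are hypothetical, and the key format (48 bytes, base64, at least 3 keys, penultimate key used for encryption) is taken from the linked HAProxy 1.6 `tls-ticket-keys` documentation.

```shell
#!/usr/bin/env bash
# Added example: rotate an HAProxy tls-ticket-keys file on a central host.
# Function names and paths are hypothetical. Shipping the file to the pool
# and reloading HAProxy are left to the operator's own tooling.
set -eu

KEEP=3  # default TLS_TICKETS_NO; the file must hold at least this many keys

# One key: 48 random bytes, base64-encoded (64 characters, no padding).
new_key() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 48
    else
        head -c 48 /dev/urandom | base64
    fi
}

# Count lines that look like a 48-byte base64 key.
valid_key_count() {
    grep -Ec '^[A-Za-z0-9+/]{64}$' "$1" || true
}

# rotate_ticket_keys FILE
# Appends one new key and keeps the newest $KEEP. After a reload the
# penultimate key encrypts new tickets, so the key appended here is only
# used for encryption after the *next* rotation, once every server has it.
rotate_ticket_keys() (
    keyfile=$1
    umask 077
    tmp=$(mktemp "$(dirname "$keyfile")/.ticket-keys.XXXXXX")
    trap 'rm -f "$tmp" "$tmp.new"' EXIT
    if [ -f "$keyfile" ]; then cat "$keyfile" > "$tmp"; fi
    new_key >> "$tmp"
    # First run: pad until the file holds $KEEP keys.
    while [ "$(wc -l < "$tmp")" -lt "$KEEP" ]; do new_key >> "$tmp"; done
    tail -n "$KEEP" "$tmp" > "$tmp.new"
    # Refuse to publish a file with malformed lines.
    [ "$(valid_key_count "$tmp.new")" -eq "$KEEP" ] || exit 1
    mv "$tmp.new" "$keyfile"   # atomic replace on the same filesystem
)

if [ "$#" -gt 0 ]; then rotate_ticket_keys "$1"; fi
```

Anyone who can read this file can decrypt session tickets issued under its keys, so the copy step to each server needs the same access control as the certificate private key.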