Hi Nenad
On 17-03-2016 19:27, Nenad Merdanovic wrote:
> Hello Aleksandar
> On 3/17/2016 6:00 PM, Aleksandar Lazic wrote:
>> Okay I'm now lost 8-O
>> please can anyone help me to understand how the flow works.
>> 1st Request
>> client -> ssl handshake -> haproxy server 1 (tls ticket?!)
>> 2nd Request
>> Same client -> ssl handshake -> haproxy server 2 (tls ticket?!)
> I'll just oversimplify everything :) The TLS ticket is maintained on the
> client side and contains an encrypted session state which can be used to
> resume a TLS session. The keys for decrypting this information are
> distributed to all HAproxy servers so that any server might resume the
> session. What you are specifying in tls-ticket-keys file are the
> encryption (and decryption) keys.
Hm, I'm not sure if I understand this right.
I will try to repeat just to check if I have understood it right.
http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#5.1-tls-ticket-keys
#####
frontend ssl
bind :443 ssl tls-ticket-keys /myramdisk/ticket-file <= this is a local file right
stick-table type binary len ?? 10m expire 12h store ??? if { req.ssl_st_ext 1 }
######
could this pseudo conf snippet work?
What I don't understand is HOW the tls ticket is 'distributed to all
HAproxy servers' with the current haproxy options.
Thanks for the patience.
BR Aleks
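
Added example, not part of the original thread and not HAProxy project code: a sketch of maintaining the local file named by `tls-ticket-keys`, which HAProxy reads when it loads its configuration. It relies on the documented behaviour that the last TLS_TICKETS_NO keys (default 3) decrypt and the penultimate key encrypts; the function names are hypothetical, and copying the file to the other servers is assumed to be done by external tooling.

```python
import base64
import os
import tempfile

KEY_LEN = 48  # bytes per key, e.g. from `openssl rand -base64 48`
KEEP = 3      # HAProxy's default TLS_TICKETS_NO build option

def new_key():
    return base64.b64encode(os.urandom(KEY_LEN)).decode("ascii")

def load_keys(path):
    """Return the base64 key lines of a ticket-key file, validating each one."""
    keys = []
    if os.path.exists(path):
        with open(path) as fh:
            for line in (l.strip() for l in fh):
                if not line:
                    continue
                if len(base64.b64decode(line, validate=True)) != KEY_LEN:
                    raise ValueError("ticket key is not %d bytes long" % KEY_LEN)
                keys.append(line)
    return keys

def rotate(path, keep=KEEP):
    """Append a fresh key, drop the oldest, replace the file atomically."""
    keys = load_keys(path)
    while len(keys) < keep - 1:   # pad a new or short file up to `keep` keys
        keys.append(new_key())
    keys = (keys + [new_key()])[-keep:]
    # mkstemp creates the file with mode 0600; using the same directory
    # keeps os.replace() an atomic rename.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("\n".join(keys) + "\n")
        os.replace(tmp, path)
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
    return keys

def encryption_key(keys):
    """HAProxy issues new tickets with the penultimate key in the file."""
    return keys[-2]
```

A freshly added key sits last in the file and only decrypts until the next rotation, so copying the file to every server and reloading between rotations means no server issues tickets with a key that another server lacks.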