Hi Lukas,


2016-03-24 11:15 GMT+01:00 Lukas Tribus <[email protected]>:

> > But CPU usage doubled! I disabled it by adding again
> > "ssl-default-bind-options no-tls-tickets" and CPU usage returned to
> > normal.
>
> Ok, when you say CPU usage doubled do you mean the CPU usage after
> a reload/restart, or do you mean CPU usage in general (even after not
> reloading haproxy)?
>
CPU is at 100% just after reload for more than 30s (was a few seconds
before) and then CPU usage stays doubled all the time.



>
> > And /tmp/tls_ticket_keys generated with "openssl rand -base64 48"
> > called 3x + appended at each reload.
>
> By calling it 3 times you are basically destroying the old keys making
> sure that TLS tickets CANNOT be reused. You must only generate
> a new key ONCE per reload.
>

I misspoke. I generate 3 keys on haproxy first startup, then append only
one ticket at each reload.

Olivier
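
The rotation discussed in this thread (several keys at first startup, exactly one new key per reload so that tickets issued under the previous keys stay decryptable), as an added example that is not part of the original message or of anyone's actual setup. The function names, the `KEEP` value and the pruning to the newest three keys go beyond what the thread describes and are assumptions, as is the fallback used when `openssl` is not installed.

```shell
#!/bin/sh
# Added example, not from the thread. KEEP, gen_key and rotate_ticket_keys
# are hypothetical names chosen for this illustration.
KEEP=3   # assumption: three keys, as generated at first startup in the thread

gen_key() {
    # 48 random bytes, base64-encoded on one line: the command quoted in the
    # thread. The /dev/urandom fallback is an assumption for hosts without openssl.
    openssl rand -base64 48 2>/dev/null || head -c 48 /dev/urandom | base64
}

# Runs in a subshell so the umask change does not leak into the caller.
rotate_ticket_keys() (
    keyfile=$1
    umask 077                 # ticket keys decrypt sessions: owner-only file
    tmp="${keyfile}.tmp.$$"
    if [ -s "$keyfile" ]; then
        # Reload: carry over the newest KEEP-1 keys unchanged and append
        # exactly ONE new key, so previously issued tickets remain usable.
        tail -n $((KEEP - 1)) "$keyfile" > "$tmp"
        gen_key >> "$tmp"
    else
        # First startup: no history yet, so create KEEP fresh keys.
        : > "$tmp"
        i=0
        while [ "$i" -lt "$KEEP" ]; do
            gen_key >> "$tmp"
            i=$((i + 1))
        done
    fi
    # Replace the file in one step so a reload never reads a half-written file.
    mv "$tmp" "$keyfile"
)

# Stand-alone use: pass the key file path, then reload the proxy.
if [ "$#" -gt 0 ]; then
    rotate_ticket_keys "$1"
fi
```

Regenerating all three keys on every reload would instead replace every line of the file, which is the situation Lukas warns about above.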
