2016-03-24 17:12 GMT+01:00 Lukas Tribus <luky...@hotmail.com>: > > If thats not it, and no old haproxy instances are present after the > > reload, could you compile Vincent's rfc5077-client from [1]: > > Output can be find here > > : https://gist.github.com/anonymous/6ec7c863f497cfd849a4 > > (HTTP 500 error is normal, as you are using HEAD / HTTP/1.0 and our web > > servers require a Host header) > > Well, its not supposed to look like this, there is clearly something > wrong. Master key fluctuates between the requests with TLS tickets > and the reuse collumn shows failure. > > Are there any middleboxes between the server and the client? Can > you try directly on the server so it doesn't leave the box (specifically > it doesn't cross any firewalls or other SSL/TLS intercepting MITM). >
I'm sure there is no firewall or MITM. HAProxy is launched with nbproc 7, but the frontend I'm asking for is bind to a single one. Olivier
