Hi Oliver,

> 2016-03-24 17:12 GMT+01:00 Lukas Tribus <[email protected]>:
> > If that's not it, and no old haproxy instances are present after the 
> > reload, could you compile Vincent's rfc5077-client from [1]: 
> > Output can be found here: 
> > https://gist.github.com/anonymous/6ec7c863f497cfd849a4 
> > (HTTP 500 error is normal, as you are using HEAD / HTTP/1.0 and our web 
> > servers require a Host header) 
>  
> Well, it's not supposed to look like this, there is clearly something 
> wrong. Master key fluctuates between the requests with TLS tickets 
> and the reuse column shows failure. 


Looks like a haproxy bug, I think I can reproduce it.


Can you try with EXACTLY 3 keys in /tmp/tls_ticket_keys?

Then check with the rfc5077-client and if possible check CPU load in
production.


Thanks,

Lukas

                                          
