Hey Lucas,

On 03/24/2016 09:15 PM, Lukas Tribus wrote:
> Hi Nenad,
>
>
>>> Well, it's not supposed to look like this, there is clearly something
>>> wrong. Master key fluctuates between the requests with TLS tickets
>>> and the reuse column shows failure.
>>
>> Looks like a haproxy bug, I think I can reproduce it.
>>
>> Can you try with EXACTLY 3 keys in /tmp/tls_ticket_keys?
>
>
> there seems to be a bug in the handling of the tls-ticket-keys file.
>
> When there are 5 or more ticket keys in the file, clients using TLS tickets
> can no longer resume the TLS session (and fall back to full negotiation):
>
> https://gist.github.com/anonymous/6ec7c863f497cfd849a4
>

Thanks a lot for the report. I think I have a fix, just need to validate it.

Regards,
Nenad

>
> Workaround would be to remove the oldest key from the file, so
> that the number of keys in the file remains below 5.
>
>
>
> cheers,
> Lukas
>
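Added example, not part of the original thread and not haproxy's own code: a check that validates a tls-ticket-keys file and applies the workaround above by dropping the oldest keys until fewer than 5 remain. Assumptions: one base64-encoded 48-byte key per line, rotation appends new keys so the oldest key is the first line; the function names and the sample keys are constructed for illustration.

```python
import base64
import binascii

MAX_KEYS = 4      # workaround from the thread: stay below 5 keys
KEY_BYTES = 48    # assumption: one base64-encoded 48-byte key per line


def parse_ticket_keys(text):
    """Return the decoded keys in file order; raise ValueError on a bad line."""
    keys = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            raw = base64.b64decode(line, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"line {lineno}: not valid base64") from exc
        if len(raw) != KEY_BYTES:
            raise ValueError(f"line {lineno}: {len(raw)} bytes, expected {KEY_BYTES}")
        keys.append(raw)
    return keys


def trim_ticket_keys(text, max_keys=MAX_KEYS):
    """Drop the oldest keys so that at most max_keys remain.

    Assumption: rotation appends new keys, so the oldest key is the first line.
    Returns (new_text, number_of_keys_dropped).
    """
    keys = parse_ticket_keys(text)
    if len(set(keys)) != len(keys):
        raise ValueError("duplicate key in file")
    dropped = max(0, len(keys) - max_keys)
    kept = keys[dropped:]
    new_text = "".join(base64.b64encode(k).decode() + "\n" for k in kept)
    return new_text, dropped


# Constructed sample: six non-secret keys, oldest first.
SAMPLE = "".join(
    base64.b64encode(bytes([i]) * KEY_BYTES).decode() + "\n" for i in range(6)
)

if __name__ == "__main__":
    trimmed, dropped = trim_ticket_keys(SAMPLE)
    # Report counts only; key material is never printed.
    print(f"dropped {dropped} oldest key(s), {len(trimmed.splitlines())} remain")
```

Write the trimmed text to a temporary file with restrictive permissions and rename it over the original before reloading, so the key file is never left half-written.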

