> However, if I configure multiple listening sockets, to take advantage > of SO_REUSEPORT (and that is exactly what I have on my production > haproxy 1.5): > bind :443 process 1 ssl alpn http/1.1 crt /etc/ssl/snakeoil.pem > bind :443 process 2 ssl alpn http/1.1 crt /etc/ssl/snakeoil.pem > bind :443 process 3 ssl alpn http/1.1 crt /etc/ssl/snakeoil.pem > bind :443 process 4 ssl alpn http/1.1 crt /etc/ssl/snakeoil.pem > Then tickets do not work properly. Session ID based resumption works > correctly in both cases, which might be a bit confusing for users.
Ok, makes sense. I agree it's dangerous to accept this configuration without any warnings then. Lukas
