Hello Bjorn,

On 5/30/2016 4:29 PM, Björn Zettergren wrote:
> Hi,
> 
> I've been playing around with the ECC+RSA certificate on same IP as
> described in the haproxy blog at
> http://blog.haproxy.com/2015/07/15/serving-ecc-and-rsa-certificates-on-same-ip-with-haproxy/
> 
> However, I get unexpected results when testing and I'm thinking that
> my problem is with the sample fetching of req.ssl_ec_ext on incoming
> requests being inconsistent or haproxy starts processing the request
> before enough of the data has been sent. I don't know how to
> troubleshoot any further or how to get it working, if it's at all
> expected to work "as advertised".

Yes, it seems like the case is that the fetch is only called once, when
there is not enough data in the buffer. You can work around this like:
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_ec_ext 0 }

Regards,
Nenad
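
Added example (not part of the message above and not HAProxy's own parser): a simplified Python model of why a check for the EC extension cannot be decided until the whole ClientHello is buffered, which is the window `tcp-request inspect-delay` gives the rule. It assumes the ClientHello fits in a single TLS record; `ec_ext_state` and `build_hello` are hypothetical names, and the sample hello is constructed.

```python
EC_EXT = 10  # supported_groups / elliptic_curves extension type (RFC 8422)

def ec_ext_state(buf: bytes):
    """None: ClientHello not fully buffered; True/False: extension present/absent."""
    if len(buf) < 5:
        return None                          # TLS record header not complete
    if buf[0] != 0x16:
        return False                         # not a TLS handshake record
    end = 5 + int.from_bytes(buf[3:5], "big")
    if len(buf) < end:
        return None                          # record announced but not yet received
    rec = buf[5:end]
    if rec[:1] != b"\x01":
        return False                         # handshake message is not a ClientHello
    off = 4 + 2 + 32                         # handshake header, version, random
    for width in (1, 2, 1):                  # session_id, cipher_suites, compression
        if off + width > len(rec):
            return False                     # malformed: length field missing
        off += width + int.from_bytes(rec[off:off + width], "big")
    if off + 2 > len(rec):
        return False                         # hello carries no extensions block
    ext_end = min(len(rec), off + 2 + int.from_bytes(rec[off:off + 2], "big"))
    off += 2
    while off + 4 <= ext_end:                # walk type(2) + length(2) + data
        if int.from_bytes(rec[off:off + 2], "big") == EC_EXT:
            return True
        off += 4 + int.from_bytes(rec[off + 2:off + 4], "big")
    return False

def build_hello(with_ec: bool) -> bytes:
    """Constructed minimal ClientHello used as sample input (not a capture)."""
    exts = b""
    if with_ec:
        data = b"\x00\x02\x00\x17"           # one named group: secp256r1
        exts = EC_EXT.to_bytes(2, "big") + len(data).to_bytes(2, "big") + data
    body = (b"\x03\x03" + bytes(32) + b"\x00"    # version, random, empty session_id
            + b"\x00\x04\xc0\x2b\x00\x2f"        # two cipher suites
            + b"\x01\x00"                        # null compression only
            + len(exts).to_bytes(2, "big") + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    hello = build_hello(True)
    for n in (3, 20, len(hello)):            # the same hello at three buffer fill levels
        print(n, "bytes buffered ->", ec_ext_state(hello[:n]))
```

A rule evaluated once while the state is still `None` cannot tell an ECC-capable client from one that is not, so the outcome depends on how much of the hello had arrived at that moment.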