On 30/05/2016 05:24 μμ, Nenad Merdanovic wrote: > Hello Bjorn, > > On 5/30/2016 4:29 PM, Björn Zettergren wrote: >> Hi, >> >> I've been playing around with the ECC+RSA certificate on same IP as >> described in the haproxy blog at >> http://blog.haproxy.com/2015/07/15/serving-ecc-and-rsa-certificates-on-same-ip-with-haproxy/ >> >> However, I get unexpected results when testing and I'm thinking that >> my problem is with the sample fetching of req.ssl_ec_ext on incoming >> requests being inconsistent or haproxy starts processing the request >> before enough of the data has been sent. I don't know how to >> troubleshoot any further or how to get it working, if it's at all >> expected to work "as advertised". > > Yes, it seems like the case is that the fetch is only called once, when > there is not enough data in the buffer. You can work around this like: > tcp-request inspect-delay 5s
That option was never clear to me what it does. Does it introduce a delay on user's request? I think it only delays the inspection of the request from haproxy but the actual request isn't delayed. Am I right? Cheers, Pavlos
signature.asc
Description: OpenPGP digital signature
