Re: Haproxy 1.8 http/2 mode does not pass the h2spec conformance test

Sun, 26 Nov 2017 21:11:39 -0800 

A very stripped down version of config

global
    log 127.0.0.1    local0
    log 127.0.0.1    local1 notice
    maxconn 4096
    pidfile /var/run/haproxy.pid
    stats socket /var/run/haproxy.stat mode 600 level admin expose-fd
listeners
    daemon
    tune.ssl.default-dh-param 1024
    tune.ssl.cachesize 100000
    ssl-default-bind-ciphers
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-server-ciphers
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    tune.bufsize 16384
    tune.maxrewrite 1024
    ssl-engine rdrand
    ssl-mode-async
    nbthread 4

defaults
    log global
    mode http
    compression algo gzip
    compression type text/html text/plain text/css application/javascript
application/octet-stream application/json
    option httplog
    option dontlognull
    option redispatch
    option tcp-smart-accept
    option tcp-smart-connect
    option forwardfor
    timeout check 5s
    timeout client 50s
    timeout tunnel 60000s
    timeout connect 20s
    timeout http-keep-alive 15s
    timeout http-request 30s
    timeout queue 20s
    timeout server 50s
    hash-balance-factor 125
    balance hdr(Cookie)
    hash-type consistent djb2
    stats enable
    stats hide-version
    stats auth XXXX:XXXX
    stats uri /statz
    default-server inter 5s fall 3 rise 1

frontend http
    bind :::80 v4v6
    redirect scheme https if !{ ssl_fc }
    default_backend assets_backend

frontend https
    bind :::443 v4v6 ssl crt <PATH> no-tls-tickets alpn h2,http/1.1
    maxconn 4096
    default_backend assets_backend


On Sun, Nov 26, 2017 at 11:04 PM Willy Tarreau <[email protected]> wrote:

On Mon, Nov 27, 2017 at 03:08:30AM +0000, Robin Anil wrote:
> > See the tool here https://github.com/summerwind/h2spec
>
> Thanks for the link, but could you also post your config ? Given that 100%
> of your tests ended up in "Error: unexpected EOF", I guess there's
> something
> completely wrong somewhere! If the config is not working for whatever
> reason,
> I would at least like to be able to emit a warning or an error when this
> condition is detected.
>
> Willy
>

Reply via email to