> On 18 Jun 2018, at 14:37, Emmanuel Hocdet <[email protected]> wrote:
>
>>
>> Le 18 juin 2018 à 10:43, Thierry Fournier <[email protected]> a
>> écrit :
>>
>>
>>> On 18 Jun 2018, at 10:33, Willy Tarreau <[email protected]> wrote:
>>>
>>> On Sun, Jun 17, 2018 at 09:44:50PM +0200, [email protected]
>>> wrote:
>>>> Finally, I got it ! It works with luck because we have 1 bug in Haproxy
>>>> and 1 error (I suppose) in a OpenSSL compatibility layer.
>>> (...)
>>>> I join two patch. The first which fix the cipher capture must be
>>>> backported to 1.8, for the second patch wich fix the app data
>>>> compatibility, I dont known (at least 1.8).
>>>
>>> Good job! I imagine you didn't have a funny week-end playing with this one
>>> :-/
>>
>>
>> Yes, including the Friday :-) But I hope this path improve stability. If
>> someone
>> have time and is interested by the subject, it may be interesting to see in
>> the
>> OpenSSL code if the slot 0 used without reservation works fine, or works
>> because
>> we have luck.
>>
>
> It work find because slot 0 is natively reserved for old *_{set,
> get}_app_data API compatibility.
Ok, thanks. So the classifcation BUG/MAJOR can be changed for BUG/MEDIUM
because it impacts only the usage of SSL join with the cipherlist hash.
Too late :-)
Thierry
