HAProxy returns a 502 error when ssl offload and response has a large header

Wed, 06 Feb 2019 00:25:33 -0800 

Hello everybody,
Has anyone ever found that HAProxy returns a 502 error when ssl offload is 
enabled and the http response contains a very long header.
If I turn off SSL offload , all is OK with the same header.

I Use HaProxy 1.8.17 on PFSense 2.4.4p1

Regards,

uname -a
FreeBSD PFSHA3.statim.fr 11.2-RELEASE-p4 FreeBSD 11.2-RELEASE-p4 #2 
b00c407ba5d(RELENG_2_4_4): Mon Nov 26 11:41:48 EST 2018     
[email protected]:/build/ce-crossbuild-244/obj/amd64/ZfGpH5cd/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense
  amd64


haproxy -vv
HA-Proxy version 1.8.17 2019/01/08
Copyright 2000-2019 Willy Tarreau <[email protected]>

Build options :
 TARGET  = freebsd
 CPU     = generic
 CC      = cc
 CFLAGS  = -O2 -pipe -fstack-protector -fno-strict-aliasing 
-fno-strict-aliasing -Wdeclaration-after-statement -fwrapv 
-Wno-address-of-packed-member -Wno-null-dereference -Wno-unused-label 
-DFREEBSD_PORTS
 OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_CPU_AFFINITY=1 USE_ACCEPT4=1 
USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1

Default settings :
 maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with network namespace support.
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity("identity"), deflate("deflate"), 
raw-deflate("deflate"), gzip("gzip")
Built with PCRE version : 8.42 2018-03-20
Running on PCRE version : 8.42 2018-03-20
PCRE library supports JIT : yes
Built with multi-threading support.
Encrypted password support via crypt(3): yes
Built with transparent proxy support using: IP_BINDANY IPV6_BINDANY
Built with Lua version : Lua 5.3.4
Built with OpenSSL version : OpenSSL 1.0.2o-freebsd  27 Mar 2018
Running on OpenSSL version : OpenSSL 1.0.2o-freebsd  27 Mar 2018
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2

Available polling systems :
    kqueue : pref=300,  test result OK
      poll : pref=200,  test result OK
    select : pref=150,  test result OK
Total: 3 (3 usable), will use kqueue.

Available filters :
    [TRACE] trace
    [COMP] compression
    [SPOE] spoe


--
Steve Giraud

Reply via email to