Hi Igor, On Mon, May 06, 2019 at 12:26:33AM +0800, Igor Pav wrote: > Hi, Olivier, thanks for the effort. So can we force the server always > to carry data to remote via 0RTT like below scenario(to protect > http2http in unsecured env)? > > listen http -- server default x.x ssl allow-0rtt ----(SSL)---- bind > x.x ssl allow-0rtt -- http backend >
As it is currently, no. Haproxy will never attempt to use 0RTT on server connections if the client didn't use 0RTT. 2.0, however, which should be released in a not to distant future, will let you do that, with the new "retry-on" feature. Regards, Olivier
