To whom it may concern We have recently upgraded out HAProxy version from 2.1.3 to 2.2.4. After the upgrade we got customer complaints that the data usage of their devices had gone up. Our company sells proprietary hardware that logs data and sends that to a web service which we host. These devices are often deployed remotely and connected via shaky 3G connections with data-capped SIM cards, so low data usage is very important. After some digging with Wireshark, we found that the SSL sessions are not resumed. Instead a new handshake is initiated every time the device sends data. Which is typically once an hour. We have set the global tune.ssl.lifetime parameter to 24h and the tune.ssl.cachesize to 100000 and this has worked since HAProxy version 1.6.9 when we first introduced it. We have also tested with the latest 2.1.11 release of HAProxy and it behaves the same way as the 2.1.3 version. We have also tested with 2.2.0 and 2.2.8 and they behave the same as 2.2.4.
We have tried reproducing this with openssl s_client, saving the session id between requests but can't reproduce it that way. We have also pored over the change logs between versions to see if there is some change that could make HAProxy behave this way. We're at a loss here, what could cause this behavior, and how can we fix it? Best regards Johan Andersson Development Engineer Global Platforms Cloud Team HMS Industrial Networks AB Stationsgatan 37, Box 4126 300 04 Halmstad, Sweden Email: [email protected]<mailto:[email protected]> [cid:[email protected]] HALMSTAD | BARCELONA | BEIJING | BOSTON | BUCHEN | CHICAGO | COVENTRY | DEN BOSCH | DUBAI | IGUALADA | KARLSRUHE | MILAN | MULHOUSE | NIVELLES | PUNE | RAVENSBURG | SEOUL | SINGAPORE | TOKYO | WETZLAR
