Hello Johan,

we are gonna need the outputs of "haproxy -vv" from both situations, as
well as at the very least *all* the ssl configuration parameters in
haproxy that you are using.

However, I do not believe it is likely that we can find the root cause
without access to those handshakes, since it cannot be reproduced by
openssl s_client.

What definitely changed in haproxy 2.2 is that the default minimum TLS
version is now 1.2. To roll back to TLS 1.0 you can configure:

    global
        ssl-default-bind-options ssl-min-ver TLSv1.0

Regards,
Lukas

On Wed, 3 Feb 2021 at 13:36, Johan Andersson <[email protected]> wrote:
>
> To whom it may concern
>
> We have recently upgraded our HAProxy version from 2.1.3 to 2.2.4.
>
> After the upgrade we got customer complaints that the data usage of
> their devices had gone up. Our company sells proprietary hardware that
> logs data and sends that to a web service which we host. These devices
> are often deployed remotely and connected via shaky 3G connections with
> data-capped SIM cards, so low data usage is very important.
>
> After some digging with Wireshark, we found that the SSL sessions are
> not resumed. Instead a new handshake is initiated every time the device
> sends data. Which is typically once an hour.
>
> We have set the global tune.ssl.lifetime parameter to 24h and the
> tune.ssl.cachesize to 100000 and this has worked since HAProxy version
> 1.6.9 when we first introduced it.
>
> We have also tested with the latest 2.1.11 release of HAProxy and it
> behaves the same way as the 2.1.3 version. We have also tested with
> 2.2.0 and 2.2.8 and they behave the same as 2.2.4.
>
> We have tried reproducing this with openssl s_client, saving the
> session id between requests but can’t reproduce it that way.
>
> We have also pored over the change logs between versions to see if
> there is some change that could make HAProxy behave this way.
>
> We’re at a loss here, what could cause this behavior, and how can we
> fix it?
>
> Best regards
>
> Johan Andersson
> Development Engineer
> Global Platforms Cloud Team
>
> HMS Industrial Networks AB
> Stationsgatan 37, Box 4126
> 300 04 Halmstad, Sweden
>
> Email: [email protected]
>
> HALMSTAD | BARCELONA | BEIJING | BOSTON | BUCHEN | CHICAGO | COVENTRY |
> DEN BOSCH | DUBAI | IGUALADA | KARLSRUHE | MILAN | MULHOUSE | NIVELLES |
> PUNE | RAVENSBURG | SEOUL | SINGAPORE | TOKYO | WETZLAR
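
Added example, not part of the original thread and not code from either poster: one way to repeat the s_client session test once per protocol version, given that the default minimum TLS version changed in haproxy 2.2. TARGET_HOST and TARGET_PORT are placeholder variables, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Repeats the s_client session test once
# per protocol version. TARGET_HOST / TARGET_PORT are placeholder variables.

# Read one `openssl s_client` transcript on stdin and print:
#   reused - abbreviated handshake, the saved session was accepted
#   new    - full handshake
#   failed - no handshake completed (s_client reports "New, (NONE), ...")
classify_handshake() {
    awk '
        /^Reused, / { r = "reused" }
        /^New, /    { r = ($2 == "(NONE),") ? "failed" : "new" }
        END         { print (r == "" ? "failed" : r) }
    '
}

# usage: probe_resumption HOST PORT FLAG   (FLAG is -tls1, -tls1_1 or -tls1_2)
probe_resumption() {
    sess=$(mktemp) || return 1
    # -no_ticket keeps the test on the server-side session cache, which is
    # what the tune.ssl.cachesize / tune.ssl.lifetime settings apply to.
    first=$(openssl s_client -connect "$1:$2" -servername "$1" "$3" -no_ticket \
                -sess_out "$sess" </dev/null 2>/dev/null | classify_handshake)
    second=$(openssl s_client -connect "$1:$2" -servername "$1" "$3" -no_ticket \
                -sess_in "$sess" </dev/null 2>/dev/null | classify_handshake)
    rm -f "$sess"
    echo "$3 first=$first second=$second"
}

# Only touches the network when TARGET_HOST is set.
if [ -n "${TARGET_HOST:-}" ]; then
    for flag in -tls1 -tls1_1 -tls1_2; do
        probe_resumption "$TARGET_HOST" "${TARGET_PORT:-443}" "$flag"
    done
fi
```

A working session cache shows first=new second=reused for every version the listener accepts. A local OpenSSL build may itself refuse -tls1 or -tls1_1, which also shows up as failed.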

