Can you provide wireshark capture? It is very useful On Wed, Feb 3, 2021, 5:39 PM Johan Andersson <[email protected]> wrote:
> To whom it may concern > > > > We have recently upgraded out HAProxy version from 2.1.3 to 2.2.4. > > After the upgrade we got customer complaints that the data usage of their > devices had gone up. Our company sells proprietary hardware that logs data > and sends that to a web service which we host. These devices are often > deployed remotely and connected via shaky 3G connections with data-capped > SIM cards, so low data usage is very important. > > After some digging with Wireshark, we found that the SSL sessions are not > resumed. Instead a new handshake is initiated every time the device sends > data. Which is typically once an hour. > > We have set the global tune.ssl.lifetime parameter to 24h and the > tune.ssl.cachesize to 100000 and this has worked since HAProxy version > 1.6.9 when we first introduced it. > > We have also tested with the latest 2.1.11 release of HAProxy and it > behaves the same way as the 2.1.3 version. We have also tested with 2.2.0 > and 2.2.8 and they behave the same as 2.2.4. > > > > We have tried reproducing this with openssl s_client, saving the session > id between requests but can’t reproduce it that way. > > We have also pored over the change logs between versions to see if there > is some change that could make HAProxy behave this way. > > > > We’re at a loss here, what could cause this behavior, and how can we fix > it? > > > > > > *Best regards* > > > > *Johan Andersson* > > *Development Engineer* > > *Global Platforms Cloud Team* > > > > HMS Industrial Networks AB > > Stationsgatan 37, Box 4126 > > 300 04 Halmstad, Sweden > > > > Email: [email protected] > > > > > > HALMSTAD | BARCELONA | BEIJING | BOSTON | BUCHEN | CHICAGO | COVENTRY | > DEN BOSCH | DUBAI | IGUALADA | > > KARLSRUHE | MILAN | MULHOUSE | NIVELLES | PUNE | RAVENSBURG | SEOUL | > SINGAPORE | TOKYO | WETZLAR > > >
