Thank you for your reply

I think it is related to these changes and the configuration we have for
timeouts.

http://git.haproxy.org/?p=haproxy-2.4.git;a=commit;h=f5b2c3f1e65f57782afe30981031f122bd8ee24c

http://git.haproxy.org/?p=haproxy-2.4.git;a=commit;h=211fc0b5b060bc7b1f83e6514a8ceaeda7e65ee0

        mode    http
        option allbackups
        timeout http-request 5s
    *    timeout http-keep-alive 500*
        timeout connect 5000
        timeout client  40s
        timeout server  40s
        maxconn 100000

We will try to confirm this and let you know.

-- 
regards
Tomek

pt., 20 maj 2022 o 23:26 Willy Tarreau <w...@1wt.eu> napisaƂ(a):

> Hi Tomasz,
>
> On Fri, May 20, 2022 at 05:17:19PM +0200, Tomasz Ludwiczak wrote:
> > Hi,
> >
> > I am seeing an increase in SSL Key Generation after upgrading from 2.4.15
> > to 2.4.17. I have not changed the openssl version. Does anyone have an
> idea
> > what this could be related to?
> > I have looked at the changes from 2.4.16 and 2.4.17 and nothing obvious
> > pointing to changes around TLS reuse.
>
> Interesting, I've reviewed the fixes merged between the two and cannot
> find anything relevant. Do you have copies of the "show info" output
> before the upgrade to compare before and after ? There are SSL lookups
> and misses there. These could give some hints about what is happening.
> Have you tried reverting to 2.4.15 to see if the problem disappears ?
> We could for example imagine that it's concommittant with another change
> that happened during the same upgrade (e.g. openssl lib upgrade), even
> if I would find it unlikely as well. Are you certain you didn't change
> any tuning option in the config between the two versions ? For example
> reducing the size of the SSL session cache could make a difference.
>
> It would be useful if you could also test with 2.4.16 to help figure if
> that's related to a change between 2.4.15->16 or 2.4.16->17.
>
> Regards,
> Willy
>

Reply via email to