Thank you for your reply I think it is related to these changes and the configuration we have for timeouts.
http://git.haproxy.org/?p=haproxy-2.4.git;a=commit;h=f5b2c3f1e65f57782afe30981031f122bd8ee24c http://git.haproxy.org/?p=haproxy-2.4.git;a=commit;h=211fc0b5b060bc7b1f83e6514a8ceaeda7e65ee0 mode http option allbackups timeout http-request 5s * timeout http-keep-alive 500* timeout connect 5000 timeout client 40s timeout server 40s maxconn 100000 We will try to confirm this and let you know. -- regards Tomek pt., 20 maj 2022 o 23:26 Willy Tarreau <w...@1wt.eu> napisaĆ(a): > Hi Tomasz, > > On Fri, May 20, 2022 at 05:17:19PM +0200, Tomasz Ludwiczak wrote: > > Hi, > > > > I am seeing an increase in SSL Key Generation after upgrading from 2.4.15 > > to 2.4.17. I have not changed the openssl version. Does anyone have an > idea > > what this could be related to? > > I have looked at the changes from 2.4.16 and 2.4.17 and nothing obvious > > pointing to changes around TLS reuse. > > Interesting, I've reviewed the fixes merged between the two and cannot > find anything relevant. Do you have copies of the "show info" output > before the upgrade to compare before and after ? There are SSL lookups > and misses there. These could give some hints about what is happening. > Have you tried reverting to 2.4.15 to see if the problem disappears ? > We could for example imagine that it's concommittant with another change > that happened during the same upgrade (e.g. openssl lib upgrade), even > if I would find it unlikely as well. Are you certain you didn't change > any tuning option in the config between the two versions ? For example > reducing the size of the SSL session cache could make a difference. > > It would be useful if you could also test with 2.4.16 to help figure if > that's related to a change between 2.4.15->16 or 2.4.16->17. > > Regards, > Willy >