I wondered exactly the same thing, but then saw this on the haproxy.org website:
"version 1.8 : multi-threading, HTTP/2, cache, on-the fly server addition/removal, seamless reloads, DNS SRV, hardware SSL engines, ..." I know that haproxy-1.9 added end-to-end HTTP/2, so is that the determining factor? here? Many thanks. Ryan On Mon, Oct 16, 2023 at 12:41 PM Aleksandar Lazic <al-hapr...@none.at> wrote: > > > On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: > > Does 1.8 support http/2? > > No. > > > On Mon, Oct 16, 2023, 18:58 Ryan O'Hara <roh...@redhat.com > > <mailto:roh...@redhat.com>> wrote: > > > > Hi all. > > > > I read the most recently HAProxy Newsletter, specifically the > > article "HAProxy is Not Affected by the HTTP/2 Rapid Reset Attack" > > by Nick Ramirez [1]. A This article states that HAProxy versions 1.9 > > and later are *not* affetced, which is great. This implies that > > haproxy-1.8 *is* affected, but it also doesn't come right out and > > say that. I understand haproxy-1.8 is EOL, but do we know for > > certain that haproxy-1.8 is affected or not? Asking for a reason. > > > > And shout-out to Nick for writing such a great article! Thank you, > Nick! > > > > Ryan > > > > [1] > > > https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 > < > https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 > > > > > >
