Re: Default certificate wrongly delivered.

2013-03-15 Thread Willy Tarreau
On Fri, Mar 15, 2013 at 11:35:01PM +0100, Lukas Tribus wrote: > > > I suspect that some clients fail to use SNI. I've already seen > > this from time to time. It looks like after some errors, they > > refrain from using SNI or even TLS at all and fall back to SSLv3. > > This scared me a bit, so I

RE: Default certificate wrongly delivered.

2013-03-15 Thread Lukas Tribus
> I suspect that some clients fail to use SNI. I've already seen > this from time to time. It looks like after some errors, they > refrain from using SNI or even TLS at all and fall back to SSLv3. This scared me a bit, so I've done some digging. I've found 2 related bug reports with a lot of det

Re: haproxy dumps core when unable to resolve host names

2013-03-15 Thread Dmitry Sivachenko
On 15.03.2013, at 15:54, Willy Tarreau wrote: > Hi Dmitry, > > On Fri, Mar 15, 2013 at 03:25:10PM +0400, Dmitry Sivachenko wrote: >> Hello! >> >> I am using haproxy-1.5-dev17. I use hostnames in my config file rather than >> IPs. >> If DNS is not working, haproxy will dump core on start or c

Re: haproxy dumps core when unable to resolve host names

2013-03-15 Thread Willy Tarreau
Hi Dmitry, On Fri, Mar 15, 2013 at 03:25:10PM +0400, Dmitry Sivachenko wrote: > Hello! > > I am using haproxy-1.5-dev17. I use hostnames in my config file rather than > IPs. > If DNS is not working, haproxy will dump core on start or config check. > > How to repeat: > Put some fake stuff in /e

haproxy dumps core when unable to resolve host names

2013-03-15 Thread Dmitry Sivachenko
Hello! I am using haproxy-1.5-dev17. I use hostnames in my config file rather than IPs. If DNS is not working, haproxy will dump core on start or config check. How to repeat: Put some fake stuff in /etc/resolv.conf so resolver does not work. Run haproxy -c -f : /tmp# ./haproxy -c -f ./haproxy

Connection close

2013-03-15 Thread Aleksandrs Andrijekno
Hi, I have some strange problem with Haproxy, during download connection sometimes gets closed. When I try to fetch file using wget I get: 2013-03-15 11:10:33 (424 KB/s) - Connection closed at byte 91975620. Retrying. My haproxy.cfg: global maxconn 12 user h

Re: Performance using SNI with many different ssl certificates?

2013-03-15 Thread Willy Tarreau
On Thu, Mar 14, 2013 at 07:08:34PM +0100, Lukas Tribus wrote: > > > But we are wondering if it can scale up to thousands or more say > > 100k ssl certificates. Has anyone tried it? > > I believe Willy has seen configurations with 50k certificates running > fine. Yes I know at least one site doin

Re: Performance using SNI with many different ssl certificates?

2013-03-15 Thread Willy Tarreau
Hi Kenneth, On Thu, Mar 14, 2013 at 06:59:08PM +0100, Kenneth Mutka wrote: > Hi, > > I have not tried with thousands of certificates, only some 20-30 or so, > using SNI. > My problem has been that every once in a while the default certificate is > served up, rather than the one for the requested

Re: Performance using SNI with many different ssl certificates?

2013-03-15 Thread Willy Tarreau
Kenneth asked me to forward this to the list because it seems that some of the gmail servers seem to be temporarily blocked by the RBLs. Willy - Forwarded message from Kenneth Mutka - From: Kenneth Mutka Date: Thu, Mar 14, 2013 at 7:19 PM Subject: Re: Performance using SNI with many di