Hi Godbach,
On Thu, Jun 20, 2013 at 01:53:43PM +0800, Godbach wrote:
Hi, Willy
Since event_accept() was not used any more in latest snapshot. There is
a patch in attachment for removing this function for your information.
The commit log is as follows:
CLEANUP: session: remove
Hi Merton,
It is a good way to capture the packets during SSL handshake by tcpdump
or wireshark from your client to find out what error happens. I have
used this method in debugging SSL feature in haproxy.
FYI.
Best Regards,
Godbach
On 2013/6/20 1:46, Merton Lister wrote:
Thank you Lukas.
Hi, Willy
I have noticed that half-closed timeout appears in ROADMAP file.
That't the issue I have tested several days ago.
I have done a test under such conditions:
1) block the response from server by iptables rules.
2) client closes connection after sending request to haproxy ASAP.
and
Hi Ahmed,
you are in tunneling mode, only the first request will be inspected!
Please configure option http-server-close or option httpclose:
http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#option%20http-server-close
Hello,
is it possible to set our preferred ciphers in defaults section? Background is
that we set as in
http://blog.exceliance.fr/2013/01/21/mitigating-the-ssl-beast-attack-using-the-aloha-load-balancer-haproxy/
described alternative ciphers to be secured against BEAST.
It would be great not
Hello Lukas,
Here is the updated config file. I added http-server-close to the default:
global
daemon
maxconn 500
defaults
mode http
balance roundrobin
timeout connect 1ms
timeout server 5ms
timeout client 5000
option http-server-close
frontend http-in
Ah, now I think I see where you are going with this.
I do not have anything on any server that ends in /jboss. The whole thing
about having /jboss was simply for haproxy. What I was expecting is haproxy
gets a request that has /jboss in it, and it would think this user wants
the jboss cluster,
Hi All,
I had an itch, the itch was that I could get a better score on the
SSL LABS test with IIS 7.5 than I could with HAProxy terminating SSL
With
ciphers RC4:HIGH:!aNULL:!MD5
I would get
Certificate 100
Protocol Support 90
Key Exchange 80
Cipher Strength 90
With IIS I could get
Certificate
Hi,
Getting the highest score is not doable in the real life.
It would need to :
- disable all but TLS 1.2 (and forget more or less all current browsers)
- use a =4096 bits key (and thanks to your CPU power and bandwidth)
etc...
The score is explained here :
Hi,
On 20.06.2013 19:20, shouldbe q931 wrote:
ciphers RC4-SHA:AES128-SHA:AES256-SHA
The problem with this cipher choice as well as with
'|RC4:HIGH:!aNULL:!MD5' is that now the browser uses RC4 maximum 128BIt.
So AES256-SHA is never used by the
browser. (|TLS_RSA_WITH_AES_256_CBC_SHA)
If this
Thanks for the clarification Lukas.
I will have to do some work on the backend servers to accommodate for that.
I am not sure if it does switch to the immutant backend but it doesn't seem
that way from the debug mode. However, I might be missing something (I'm
still new to this)...
Thanks
On
I see, you are right. When I do a curl -I, I see that the logs match the
output of the curl immutant-ip/jboss.
Thanks again for clarifying how this works, I really appreciate that :)
On Thu, Jun 20, 2013 at 2:32 PM, Lukas Tribus luky...@hotmail.com wrote:
Hi Ahmed,
I am not sure if it does
Hi Lukas,
On Thu, Jun 20, 2013 at 08:26:47PM +0200, Lukas Tribus wrote:
Hi Willy,
One is a fix (to-from) and can as well include the doc fix.
Attaching the patch. I stole your explanation for the commit message, hope
you don't mind :)
No of course, you're welcome.
I'm thinking about
Приглашаем вас на концерт ансамбля ТРУФАНОВ ОРКЕСТРА солист ВЯЧЕСЛАВ ТРУФАНОВ (гитара, вокал).
3 О июня (воскресенье) в 2О .0 О в клубе «Альма-Матер» на Таганке (смотрите одноименный сайт клуба), схема Малого зала на 30 июня , выбор и заказ мест, приобретение билетов.
nike shox in everyone's feeling from the coating to break into explosion design
is basically less and less, Please not confuse this explosive crack Along with
Safari pattern. Overwhelmed by the revolutionary design of tailor made big
Mache II nike shox a single SUPREME new,http://www.nike.com
nike shoes uk 2013 future shelves on 12 , 31, To bell ringer the occasion, Nike
special MvsW bolted faction bucket activities used yesterday evening,
attended by Xu Hao Ying, Jan Dear, Stephanie Cheng also poems Ya, 903DJ
DonaldMr member of the Dash, part with the Dear Jane Bob and Jackal,
nike free 5.0 damen 2013 Laufschuhe Zwischensohle und Laufsohle flex Linien
entworfen zu erhöhen Mächtigkeit, und so der variable Die transluzenten Gummi
knifflig Verschleiß, und trotzdem a fantastisch nike kostenlos aufblasbaren
Kissen um sicherzustellen, dass Dämpfungstechnologie Blick Vom
On 2013/6/20 21:31, Godbach wrote:
On 2013/6/20 21:18, Willy Tarreau wrote:
Hi Godbach,
On Thu, Jun 20, 2013 at 09:07:57PM +0800, Godbach wrote:
Hi, Willy
I have noticed that half-closed timeout appears in ROADMAP file.
That't the issue I have tested several days ago.
I have done a test
18 matches
Mail list logo