Hi Heiko,
I did a couple of new tests. But as my self-compiled version 1.5.5 did
behave weird sometimes I decided to have a try with the 1.5.2 from Red
Hat which was packaged with RHEL 6.6. I will do a re-test tomorrow but:
- the self-compiled version tried to use TLS 1.2 a couple of times
Hello,
I would like to increase the timeout delay for the actual L7 HTTP checks
on the backends. I have a (quite slow) application that (of course),
need a lot of improving. Anyway, it sometimes takes more than 2000ms to
answer, I guess, because one of the nodes display as L7TOUT/200 in 2001
Dear haproxy team,
Let me start off by sharing that I am a very happy haproxy user :)
Recently I was strugling a bit with timeouts on established connections to
a backend, and was looking for a way to lower this timeout for the outbound
haproxy connections. This is useful if a backend suddenly
Hi Rémi,
On Fri, Oct 10, 2014 at 06:57:33PM +0200, Remi Gacogne wrote:
I finally found the time to test with a proper boringssl build. This
minor patch cleans the way haproxy checks for enabled DHE ciphers at
configuration time, replacing a direct access to the cipher_list member
by a call to
On 18.10.2014 16:37, David Coulson wrote:
You mean like this?
http://blog.haproxy.com/2014/10/15/haproxy-and-sslv3-poodle-vulnerability/
On 10/18/14, 10:34 AM, Malcolm Turnbull wrote:
I was thinking Haproxy could be used to block any non-TLS
connection
Like you can with iptables:
On 16/10/2014 12:12 μμ, Olivier wrote:
Hi,
2014-10-16 10:34 GMT+02:00 Neil - HAProxy List
maillist-hapr...@iamafreeman.com
mailto:maillist-hapr...@iamafreeman.com:
I'd go further. Sslv3 us an obsolete protocol does anyone disagree
with that?
For a start make no-sslv3 the
Is something like this also possible with SNI or strict-SNI enabled? I would
like to issue a message when a browser doesn't support SNI.
Sander
Hi Sander,
Yes, you can.
Baptiste
Hello Lukas,
On other thing that cames to my mind is intermediate certificates.
Are intermediate certificates correctly installed on haproxy?
Here we got the problem and now it is clear to me — all the behavior we saw in
the tcpdumps.
The browsers have the intermediate cert installed and
On other thing that cames to my mind is intermediate certificates.
Are intermediate certificates correctly installed on haproxy?
Here we got the problem and now it is clear to me — all the behavior we
saw in the tcpdumps. The browsers have the intermediate cert installed
and that´s why it
On 17.10.2014 03:47, Dennis Jacobfeuerborn wrote:
Hi,
I'm currently trying to determine the best configuration for haproxy but
have issues with understanding how the cpu's are used.
The system is a virtual machine configured with 8 cores. The global
section of the configuration contains
Hi Willy,
Thanks for responding. We're using 1.5.5 (now 1.5.6) in the testing
environment. Also tried 1.4.15 (what we use in production for other
services), and it has the same issue.
Also tried Baptiste's suggestion of option http-use-proxy-header but
that didn't help.
Our config:
Hi Jason,
On Mon, Oct 20, 2014 at 04:40:44PM -0700, Jason J. W. Williams wrote:
Hi Willy,
Thanks for responding. We're using 1.5.5 (now 1.5.6) in the testing
environment. Also tried 1.4.15 (what we use in production for other
services), and it has the same issue.
Also tried Baptiste's
12 matches
Mail list logo