Re: ECDSA and HAProxy help

2016-10-13 Thread Bryan Talbot
> On Oct 13, 2016, at Oct 13, 3:19 PM, Thierry Fournier wrote:
>
> The negotiated cipher is "AECDH-AES256-SHA", and I don't know if this
> cipher is ECDSA :) At least it seems to work.
>
> Thierry

That’s not a cipher that would normally be considered “good”

Re: ECDSA and HAProxy help

2016-10-13 Thread Thierry Fournier
Hi,

Thanks guys for the tips. I can connect to haproxy with an ECDSA cipher using the following cipher string on the OpenSSL client side:

    openssl s_client -connect 127.0.0.1:1 -cipher ECDSA:EECDH:ECDH

and this string in the haproxy configuration: ssl-default-bind-ciphers

Re: HAProxy reloads lets old and outdated processes

2016-10-13 Thread Lukas Tribus
Hi Pierre,

On 13.10.2016 at 18:56, Pierre Cheynier wrote:

This becomes impossible in a PaaS-like approach where many events occur and may trigger reloads every second. BTW, the new "no-reuseport" feature does not help in my case (as well as ip/nftables or tc workarounds) because it

HAProxy reloads lets old and outdated processes

2016-10-13 Thread Pierre Cheynier
Hi list,

I am experiencing the following behaviour: I'm on 1.6.8 (same behaviour in 1.4/1.5), use systemd, and noticed that when reloads are relatively frequent, old processes sometimes never die and stay bound to the TCP socket(s), thanks to SO_REUSEPORT. Here is an example of process tree:

Re: Output logs in separate files

2016-10-13 Thread haproxy
Haproxy doesn't write to /var/log/local6.log, that's your logging daemon (syslog-ng, rsyslog, whatever). That is what you need to adjust. Most such logging daemons have the ability to match & filter based on the contents of the log message. If there's nothing in the contents of the message for you

Output logs in separate files

2016-10-13 Thread Pavel Rudenkov
Hello, dear developers!

Several haproxy ports output logs to local6. That same local6 writes logs to the overall /var/log/local6.log file, that is, into one file. It is required that each port output to a separate *.log file, not a common one. Is log-tag suitable for this? Other options?