> On Oct 13, 2016, at Oct 13, 3:19 PM, Thierry Fournier
> wrote:
>
>
> The negociated cipher is "AECDH-AES256-SHA", and I don't know if this
> cipher is ECDSA :) At least it seems to work.
>
> Thierry
>
That’s not a cipher that would normally be considered “good”
Hi,
Thanks guys for the tips. I can connect to haproxy with ECDSA cipher
using the following cipher string on the OpenSSL client side:
openssl s_client -connect 127.0.0.1:1 -cipher ECDSA:EECDH:ECDH
and this string in the haproxy configuration:
ssl-default-bind-ciphers
Hi Pierre,
Am 13.10.2016 um 18:56 schrieb Pierre Cheynier:
This becomes impossible in PaaS-like approach where many events occurs and may trigger
reloads every seconds. BTW, the new "no-reuseport" feature does not help in my
case (as well as ip/nftables or tc workarounds) because it
Hi list,
I experiment the following behaviour : I'm on 1.6.8 (same behaviour in
1.4/1.5), use systemd and noticed that when reloads are relatively frequent,
old processes sometimes never dies and stays bound to the TCP socket(s), thanks
to SO_REUSEPORT.
Here is an example of process tree:
Haproxy doesn't write to /var/log/local6.log, that's your logging daemon
(syslog-ng, rsyslog, whatever). That is what you need to adjust.
Most such logging daemons have the ability to match & filter based on
the contents of the log message. If there's nothing in the contents of
the message for you
Hello, dear developers!
Several haproxy ports outputting log in local6. The very same local6
outputs logs to overall /var/log/local6.log file that is in one file.
Required to implement each output port a separate file *.log, not in
common. Suitable for this log-tag? Other options?
6 matches
Mail list logo