Hi,
I'm talking only about performance ways)
About socket.
I use UDP for sending, there are no reasons for delays.
However, my bad - I misunderstood some FDs in "lsof". It is not related to that
UDP-sending, that is OK.
About file system.
I open file from disk for GeoIP, but finally it cached
On Mon, Jan 21, 2019 at 04:39:53AM +0100, Willy Tarreau wrote:
> Hi,
>
> On Thu, Jan 17, 2019 at 08:21:39AM +, Uman Shahzad wrote:
> > If we fail to initialize pollers due to fdtab/fdinfo/polled_mask
> > not getting allocated, we free any of those that were allocated
> > and exit. However the
Hi,
On Thu, Jan 17, 2019 at 08:21:39AM +, Uman Shahzad wrote:
> If we fail to initialize pollers due to fdtab/fdinfo/polled_mask
> not getting allocated, we free any of those that were allocated
> and exit. However the ordering was incorrect, and there was an old
> unused and unreachable
On Sun, Jan 20, 2019 at 03:08:23PM -0800, Adam Langley wrote:
> On Sun, Jan 20, 2019 at 2:41 PM Willy Tarreau wrote:
> > Just out of curiosity, if such out-of-band messages are enabled again in
> > 1.3, do you think this might have any particular impacts on something like
> > kTLS where the TLS
Hi, can someone check this one out? Is there something wrong with it?
On Thu, Jan 17, 2019, at 13:21, Uman Shahzad wrote:
> If we fail to initialize pollers due to fdtab/fdinfo/polled_mask
> not getting allocated, we free any of those that were allocated
> and exit. However the ordering was
Thank you for clarification.
Regard
Aleks
Ursprüngliche Nachricht
Von: Adam Langley
Gesendet: 21. Jänner 2019 00:12:59 MEZ
An: Aleksandar Lazic
CC: haproxy@formilux.org, Willy Tarreau , eb...@haproxy.com
Betreff: Re: HAProxy with OpenSSL 1.1.1 breaks when TLS 1.3 KeyUpdate
On Sun, Jan 20, 2019 at 3:04 PM Aleksandar Lazic wrote:
> which refers to
> https://www.openssl.org/docs/manmaster/man3/SSL_key_update.html
>
> instead of the suggested Patch?
The SSL_key_update function enqueues a KeyUpdate message to be sent.
The problem is that if a /client/ of HAProxy
On Sun, Jan 20, 2019 at 2:41 PM Willy Tarreau wrote:
> Just out of curiosity, if such out-of-band messages are enabled again in
> 1.3, do you think this might have any particular impacts on something like
> kTLS where the TLS stream is deciphered by the kernel ? I don't know how
> such messages
Hi.
As far as I understood the keyupdate
https://tools.ietf.org/html/rfc8446 4.6.3
which you refer proper isn't it also a option to use
https://wiki.openssl.org/index.php/TLS1.3#Renegotiation
which refers to https://www.openssl.org/docs/manmaster/man3/SSL_key_update.html
instead of the
Hi Adam,
[ccing Emeric]
On Sun, Jan 20, 2019 at 01:12:44PM -0800, Adam Langley wrote:
> KeyUpdate messages are a feature of TLS 1.3 that allows the symmetric
> keys of a connection to be periodically rotated. It's
> mandatory-to-implement in TLS 1.3, but not mandatory to use. Google
> Chrome
KeyUpdate messages are a feature of TLS 1.3 that allows the symmetric
keys of a connection to be periodically rotated. It's
mandatory-to-implement in TLS 1.3, but not mandatory to use. Google
Chrome tried enabling KeyUpdate and promptly broke several sites, at
least some of which are using
11 matches
Mail list logo