parsing reload cmd output from master cli

2021-02-03 Thread Joao Morais
Hello William, here[1] is some context. I implemented a parsing of the reload command sent to the master cli, left it running for a while and got an index out of bounds (in my code) this week. I'm using this layout to parse the reload output: // 1 3

[PATCH v3 5/5] MEDIUM: check: align agentaddr and agentport behaviour

2021-02-03 Thread William Dauchy
in the same manner of agentaddr, we now: - permit to set agentport through `port` keyword, like it is the case for agentaddr through `addr` - set the priority on `agent-port` keyword when used - add a flag to be able to test when the value is set like for agentaddr it makes the behaviour

[PATCH v3 3/5] MEDIUM: check: remove checkport checkaddr flag

2021-02-03 Thread William Dauchy
While trying to fix some consistency problem with the config file/cli (e.g. check-port cli command does not set the flag), we realised checkport flag was not necessarily needed. Indeed tcpcheck uses service port as the last choice if check.port is zero. So we can assume if check.port is zero, it

[PATCH v3 0/5] fix check port/addr consistency

2021-02-03 Thread William Dauchy
Hello Christopher, Here is my last update on port/addr consistency. I addressed all the points you mentioned. I hope I did not forget anything. I will come back with `check-addr` and `agent-port` on the cli once those patches are accepted. William Dauchy (5): BUG/MINOR: cli: fix set server

[PATCH v3 1/5] BUG/MINOR: cli: fix set server addr/port coherency with health checks

2021-02-03 Thread William Dauchy
while reading `update_server_addr_port` I found out some things which can be seen as incoherency. I hope I did not overlook anything: - one comment is stating check's address should be updated if it uses the server one; however the condition checks if `SRV_F_CHECKADDR` is set; this flag is

[PATCH v3 4/5] BUG/MINOR: check: consitent way to set agentaddr

2021-02-03 Thread William Dauchy
small consistency problem with `addr` and `agent-addr` options: for both options, the last one parsed is always used to set the agent-check addr. Thus these two lines don't have the same behavior: server ... addr agent-addr server ... agent-addr addr After this patch `agent-addr`

[PATCH v3 2/5] MEDIUM: server: adding support for check_port in server state

2021-02-03 Thread William Dauchy
We can currently change the check-port using the cli command `set server check-port` but there is a consistency issue when using server state. This patch aims to fix this problem but will be also a good preparation work to get rid of checkport flag, so we are able to know when checkport was set by

Re: (possibly off topic) how to handle Chrome on SSL mass hosting ?

2021-02-03 Thread Lukas Tribus
On Wed, 3 Feb 2021 at 18:47, Илья Шипицин wrote: >> while I do not mind to have such optimization, but when 'a.example.com" >> responds with http2 GOAWAY, that affects also "b.example.com" and " >> c.example.com". Chrome is not clever enough to open new connections instead >> of abandoned one. >

Re: SSL session resumption

2021-02-03 Thread Lukas Tribus
Hello, On Wed, 3 Feb 2021 at 17:44, Илья Шипицин wrote: > > TLS1.2 uses tls tickets, when TLS1.0 uses ssl sessions. I believe this is incorrect, TLSv1.2 works just fine with Session ID's (RFC5246) and TLS 1.0 works fine with TLS tickets (RFC5077). I'm not aware of any restrictions between

Re: (possibly off topic) how to handle Chrome on SSL mass hosting ?

2021-02-03 Thread Илья Шипицин
Tue, 1 Dec 2020 at 00:37, Tim Düsterhus : > Ilya, > > On 30.11.20 at 20:21, Илья Шипицин wrote: > > I guess here are people running similar high density SSL hosting, do you > > have some approaches to please Chrome ? I would be happy if I can tell > him > > to open separate connections for the

Re: SSL session resumption

2021-02-03 Thread Илья Шипицин
TLS1.2 uses tls tickets, when TLS1.0 uses ssl sessions. you have disabled tls tickets in config. is there a chance that you upgraded from tls1.0 to tls1.2 ? (it should be clearly seen in wireshark) people usually disable tls tickets (and ssl sessions) for security considerations, in such case

RE: SSL session resumption

2021-02-03 Thread Johan Andersson
Hi again I just saw that I posted an error in the 2.2.4 config file, this should be the correct one: - global # Disable SSLv3 and, for now, TLS 1.3 ssl-default-bind-options

RE: SSL session resumption

2021-02-03 Thread Johan Andersson
Hi I have some wireshark logs, but I’ll have to go through them to make sure it doesn’t contain any sensitive information. Best regards Johan From: Илья Шипицин Sent: 3 February 2021 14:10 To: Johan Andersson Cc: HAProxy Subject: Re: SSL session resumption Can you provide wireshark

RE: SSL session resumption

2021-02-03 Thread Johan Andersson
Hello Lukas Output from 2.1.3 - HA-Proxy version 2.1.3 2020/02/12 - https://haproxy.org/ Status: stable branch - will stop receiving fixes around Q1 2021. Known bugs:

Re: SSL session resumption

2021-02-03 Thread Илья Шипицин
Can you provide wireshark capture? It is very useful On Wed, Feb 3, 2021, 5:39 PM Johan Andersson wrote: > To whom it may concern > > > > We have recently upgraded our HAProxy version from 2.1.3 to 2.2.4. > > After the upgrade we got customer complaints that the data usage of their > devices

Re: SSL session resumption

2021-02-03 Thread Lukas Tribus
Hello Johan, we are gonna need the outputs of "haproxy -vv" from both situations, as well as at the very least *all* the ssl configuration parameters in haproxy that you are using. However, I do not believe it is likely that we can find the root cause, without access to those handshakes, since

SSL session resumption

2021-02-03 Thread Johan Andersson
To whom it may concern We have recently upgraded our HAProxy version from 2.1.3 to 2.2.4. After the upgrade we got customer complaints that the data usage of their devices had gone up. Our company sells proprietary hardware that logs data and sends that to a web service which we host. These

Re: [PATCH v2 0/5] fix check port/addr consistency

2021-02-03 Thread William Dauchy
On Wed, Feb 3, 2021 at 9:59 AM Christopher Faulet wrote: > At first glance, I'm just a bit annoyed with the patch 5. In the > documentation, > it is stated that "addr" option will be used for agent-check too. And there is > no info about interactions between "addr" and "agent-addr" options when

Re: Packaging hatop for ubuntu20.04

2021-02-03 Thread Vincent Bernat
❦ 3 February 2021 10:23 GMT, Louis Charreau: > we use hatop daily to monitor in real time haproxy. > This tool is no longer packaged in ubuntu 20.04 (LTS), which is a pity for > such a useful tool. > > It's true that the initial project doesn't seem to be maintained > anymore (last commit 5

Packaging hatop for ubuntu20.04

2021-02-03 Thread Louis Charreau
Hello, we use hatop daily to monitor in real time haproxy. This tool is no longer packaged in ubuntu 20.04 (LTS), which is a pity for such a useful tool. It's true that the initial project doesn't seem to be maintained anymore (last commit 5 years ago) and only works in Python2 which is itself

Re: [PATCH v2 0/5] fix check port/addr consistency

2021-02-03 Thread Christopher Faulet
On 02/02/2021 at 22:56, William Dauchy wrote: Hello Christopher, As discussed, I revisited my previous series regarding check addr and port consistency. I don't think I missed anything. I won't hide my aim here, I would like to add support to set `check.addr` on the cli like it is possible