Re: Zero RTT in backend server side

2019-06-24 Thread Igor Pav
Thanks Olivier, it worked now. If I'm not seriously wrong, can haproxy multiplex connections from FE to a single connection to BE by using H2+TLS, then keep the connection to BE alive as long as possible, so we could omit handshakes?
On Mon, Jun 24, 2019 at 5:56 PM Olivier Houchard

Re: Zero RTT in backend server side

2019-06-24 Thread Olivier Houchard
Hi Igor,
On Sun, Jun 23, 2019 at 08:42:46PM +0800, Igor Pav wrote:
> Hi Olivier,
>
> The `retry-on 0rtt-rejected` will only work in tcp mode, is that
> possible to let it work in http mode too?
>
It should work with HTTP too. What may happen is you're using "alpn" on the server line, and thus w

Re: Zero RTT in backend server side

2019-06-23 Thread Igor Pav
Hi Olivier,
The `retry-on 0rtt-rejected` will only work in tcp mode, is that possible to let it work in http mode too?
On Mon, May 6, 2019 at 4:37 AM Olivier Houchard wrote:
>
> Hi Igor,
>
> On Mon, May 06, 2019 at 12:26:33AM +0800, Igor Pav wrote:
> > Hi, Olivier, thanks for the effort. So can

Re: Zero RTT in backend server side

2019-05-15 Thread William Dauchy
On Wed, May 15, 2019 at 2:10 PM Olivier Houchard wrote:
> We usually only add options in ssl-default-bind-options that can later be
> overridden on a per-bind basis, but right now, there's no option to disable
> 0RTT.
Thanks for the explanation!
--
William

Re: Zero RTT in backend server side

2019-05-15 Thread Olivier Houchard
Hi William,
On Wed, May 15, 2019 at 01:10:37PM +0200, William Dauchy wrote:
> Hello Olivier,
>
> In another subject related to 0rtt was wondering why it was not
> available in ssl-default-bind-options?
>
We usually only add options in ssl-default-bind-options that can later be overridden on a pe

Re: Zero RTT in backend server side

2019-05-15 Thread William Dauchy
Hello Olivier,
In another subject related to 0rtt was wondering why it was not available in ssl-default-bind-options?
Thanks,
--
William

Re: Zero RTT in backend server side

2019-05-05 Thread Olivier Houchard
Hi Igor,
On Mon, May 06, 2019 at 12:26:33AM +0800, Igor Pav wrote:
> Hi, Olivier, thanks for the effort. So can we force the server always
> to carry data to remote via 0RTT like below scenario(to protect
> http2http in unsecured env)?
>
> listen http -- server default x.x ssl allow-0rtt (SSL

Re: Zero RTT in backend server side

2019-05-05 Thread Igor Pav
Hi, Olivier, thanks for the effort. So can we force the server always to carry data to remote via 0RTT like below scenario (to protect http2http in unsecured env)?
listen http -- server default x.x ssl allow-0rtt (SSL) bind x.x ssl allow-0rtt -- http backend
On Sat, May 4, 2019 at 3:06 AM

Re: Zero RTT in backend server side

2019-05-03 Thread Илья Шипицин
libressl is known to present "bigger than openssl-1.1.1" version (while lacking many features)
let us wait for libressl+travis-ci patch approval
Sat, May 4, 2019 at 00:09, Olivier Houchard:
> Hi Igor,
>
> On Fri, May 03, 2019 at 05:21:50PM +0800, Igor Pav wrote:
> > Just tested with openssl 1.1.

Re: Zero RTT in backend server side

2019-05-03 Thread Olivier Houchard
Hi Igor,
On Fri, May 03, 2019 at 05:21:50PM +0800, Igor Pav wrote:
> Just tested with openssl 1.1.1b and haproxy 1.9.7, it appears no
> success, you are right :)
>
Indeed :) I just pushed commit 010941f87605e8219d25becdbc652350a687d6a2 to master, that let me do 0RTT both as server and as client.

Re: Zero RTT in backend server side

2019-05-03 Thread Igor Pav
Just tested with openssl 1.1.1b and haproxy 1.9.7, it appears no success, you are right :)
On Thu, May 2, 2019 at 8:45 PM Olivier Houchard wrote:
>
> Hi Igor,
>
> On Thu, May 02, 2019 at 08:39:58PM +0800, Igor Pav wrote:
> > Hello, can we use TLS zero RTT in server-side now? Just want to reduce
>

Re: Zero RTT in backend server side

2019-05-02 Thread Olivier Houchard
Hi Igor,
On Thu, May 02, 2019 at 08:39:58PM +0800, Igor Pav wrote:
> Hello, can we use TLS zero RTT in server-side now? Just want to reduce
> more latency when using SSL talk to the backend servers(also running
> haproxy).
>
> Thanks in advance. Regards
>
It should work if you add "allow-0rtt"

Zero RTT in backend server side

2019-05-02 Thread Igor Pav
Hello, can we use TLS zero RTT in server-side now? Just want to reduce more latency when using SSL talk to the backend servers (also running haproxy).
Thanks in advance. Regards