Thanks Olivier, it worked now. If I don't make a serious wrong, can
haproxy to do multiplexing connections from FE to a single connection
to BE by using H2+TLS, then keep the connection to BE alive as long as
possible, so we could omit handshakes?
On Mon, Jun 24, 2019 at 5:56 PM Olivier Houchard
Hi Igor,
On Sun, Jun 23, 2019 at 08:42:46PM +0800, Igor Pav wrote:
> Hi Olivier,
>
> The `retry-on 0rtt-rejected` will only work in tcp mode, is that
> possible to let it work in http mode too?
>
It should work with HTTP too. What may happen is you're using "alpn" on
the server line, and thus w
Hi Olivier,
The `retry-on 0rtt-rejected` will only work in tcp mode, is that
possible to let it work in http mode too?
On Mon, May 6, 2019 at 4:37 AM Olivier Houchard wrote:
>
> Hi Igor,
>
> On Mon, May 06, 2019 at 12:26:33AM +0800, Igor Pav wrote:
> > Hi, Olivier, thanks for the effort. So can
On Wed, May 15, 2019 at 2:10 PM Olivier Houchard wrote:
> We usually only add options in ssl-default-bind-options that can later be
> overriden on a per-bind basis, but right now, there's no option to disable
> 0RTT.
Thanks for the explanation!
--
William
Hi William,
On Wed, May 15, 2019 at 01:10:37PM +0200, William Dauchy wrote:
> Hello Olivier,
>
> In another subject related to 0rtt was wondering why it was not
> available in ssl-default-bind-options?
>
We usually only add options in ssl-default-bind-options that can later be
overriden on a pe
Hello Olivier,
In another subject related to 0rtt was wondering why it was not
available in ssl-default-bind-options?
Thanks,
--
William
Hi Igor,
On Mon, May 06, 2019 at 12:26:33AM +0800, Igor Pav wrote:
> Hi, Olivier, thanks for the effort. So can we force the server always
> to carry data to remote via 0RTT like below scenario(to protect
> http2http in unsecured env)?
>
> listen http -- server default x.x ssl allow-0rtt (SSL
Hi, Olivier, thanks for the effort. So can we force the server always
to carry data to remote via 0RTT like below scenario(to protect
http2http in unsecured env)?
listen http -- server default x.x ssl allow-0rtt (SSL) bind
x.x ssl allow-0rtt -- http backend
On Sat, May 4, 2019 at 3:06 AM
libressl is known to present "bigger than openssl-1.1.1" version (while
lacking many features)
let us wait for libressl+travis-ci patch approval
сб, 4 мая 2019 г. в 00:09, Olivier Houchard :
> Hi Igor,
>
> On Fri, May 03, 2019 at 05:21:50PM +0800, Igor Pav wrote:
> > Just tested with openssl 1.1.
Hi Igor,
On Fri, May 03, 2019 at 05:21:50PM +0800, Igor Pav wrote:
> Just tested with openssl 1.1.1b and haproxy 1.9.7, it appears no
> success, you are right :)
>
Indeed :)
I just pushed commit 010941f87605e8219d25becdbc652350a687d6a2 to master, that
let me do 0RTT both as server and as client.
Just tested with openssl 1.1.1b and haproxy 1.9.7, it appears no
success, you are right :)
On Thu, May 2, 2019 at 8:45 PM Olivier Houchard wrote:
>
> Hi Igor,
>
> On Thu, May 02, 2019 at 08:39:58PM +0800, Igor Pav wrote:
> > Hello, can we use TLS zero RTT in server-side now? Just want to reduce
>
Hi Igor,
On Thu, May 02, 2019 at 08:39:58PM +0800, Igor Pav wrote:
> Hello, can we use TLS zero RTT in server-side now? Just want to reduce
> more latency when using SSL talk to the backend servers(also running
> haproxy).
>
> Thanks in advance. Regards
>
It should work if you add "allow-0rtt"
Hello, can we use TLS zero RTT in server-side now? Just want to reduce
more latency when using SSL talk to the backend servers(also running
haproxy).
Thanks in advance. Regards
13 matches
Mail list logo