Hi Thierry,
On Sat, Feb 25, 2017 at 01:01:54PM +0100, thierry.fourn...@arpalert.org wrote:
> The patch implementing this idea is in attachment. It returns the
> client-hello cioher list as binary, hexadecimal string, xxh64 and with
> the decoded ciphers.
Is this supposed to be the last version ?
Hi Willy,
On Fri, Feb 10, Willy Tarreau wrote:
> > How should I send the patches ? One commit for
> > http_server_error/http_get_status_idx changes and tarpit deny_status
> > parser / doc in another commit ?
>
> Yes that's the prefered way to do it, one commit per architecture or
> functional
Hi Thierry
> Le 25 févr. 2017 à 13:01, thierry.fourn...@arpalert.org a écrit :
>
> Hi all,
>
> On Thu, 9 Feb 2017 07:37:51 +0100
> Willy Tarreau wrote:
>
>> Hi Olivier,
>>
>> On Sat, Feb 04, 2017 at 11:52:30AM +0100, Olivier Doucet wrote:
>>> Hello,
>>>
>>> I'm trying to
On 06/03/2017 14:45, Simon E. Silva Lauinger wrote:
bind *:443 name *:443 ssl crt /path/to/cert.pem
mode tcp
Did you also try with
mode http
on the frontend?
.marcoc
This fix is for current 1.8dev with "MEDIUM: ssl: remove ssl-options from crt-list » apply.
0001-BUG-MEDIUM-ssl-in-bind-line-ssl-options-after-crt-ar.patch
Description: Binary data
On Mon, 6 Mar 2017 12:35:47 +0100
Willy Tarreau wrote:
> Hi Thierry,
>
> On Sat, Feb 25, 2017 at 01:01:54PM +0100, thierry.fourn...@arpalert.org wrote:
> > The patch implementing this idea is in attachment. It returns the
> > client-hello cioher list as binary, hexadecimal string,
On Mon, 6 Mar 2017 14:54:44 +0100
Emmanuel Hocdet wrote:
> Hi Thierry
>
> > Le 25 févr. 2017 à 13:01, thierry.fourn...@arpalert.org a écrit :
> >
> > Hi all,
> >
> > On Thu, 9 Feb 2017 07:37:51 +0100
> > Willy Tarreau wrote:
> >
> >> Hi Olivier,
> >>
> >> On
On Mon, Mar 06, 2017 at 06:30:34PM +0100, thierry.fourn...@arpalert.org wrote:
> On Mon, 6 Mar 2017 14:54:44 +0100
> Emmanuel Hocdet wrote:
> > xxh64 is not a fingerprint class algorithme, sha256 should be use.
>
>
> Hi Manu,
>
> My choice is driven regarding these hash
Hi,
This is the new patch without bug. The previous it was too quicly tested.
Thierry
On Mon, 6 Mar 2017 18:30:33 +0100
thierry.fourn...@arpalert.org wrote:
> On Mon, 6 Mar 2017 12:35:47 +0100
> Willy Tarreau wrote:
>
> > Hi Thierry,
> >
> > On Sat, Feb 25, 2017 at 01:01:54PM
On Mon, Mar 06, 2017 at 06:30:33PM +0100, thierry.fourn...@arpalert.org wrote:
> > > + /* Next three bytes are the length of the message. The total length
> > > + * must be this decoded length + 4. If the length given as argument
> > > + * is not the same, we abort the protocol dissector.
> > >
Your read my response one minute too early. The right path is in the
second email I sent. Sorry.
On Mon, 6 Mar 2017 18:38:30 +0100
Willy Tarreau wrote:
> On Mon, Mar 06, 2017 at 06:30:33PM +0100, thierry.fourn...@arpalert.org wrote:
> > > > + /* Next three bytes are the
On Mon, Mar 06, 2017 at 04:50:02PM +0100, Emmanuel Hocdet wrote:
> This fix is for current 1.8dev with "MEDIUM: ssl: remove ssl-options from
> crt-list » apply.
Strangely it refuses to apply to ssl_sock.c. 14 of 14 hunks rejected.
I tried by hand (patch -p1, patch -lp1), same result. I don't
On Mon, 06 Mar 2017 01:35:19 -0500, Willy Tarreau wrote:
On Fri, Mar 03, 2017 at 07:54:46PM +0300, Dmitry Sivachenko wrote:
> On 03 Mar 2017, at 19:36, David King
wrote:
>
> Thanks for the response!
> Thats interesting, i don't suppose you have
On Mon, Mar 06, 2017 at 07:19:00PM +0100, thierry.fourn...@arpalert.org wrote:
> Your read my response one minute too early. The right path is in the
> second email I sent. Sorry.
Thierry, please look below :
> On Mon, 6 Mar 2017 18:38:30 +0100
> Willy Tarreau wrote:
>
> > And
Willy,
per your comment on /dev/random exhaustion. I think running haveged on
servers doing crypto work is/should be best practice.
jerry
On 3/6/17 12:02 PM, Willy Tarreau wrote:
Hi Mark,
On Mon, Mar 06, 2017 at 02:49:28PM -0500, Mark S wrote:
As for the timing issue, I can add to the
On Mon, Mar 06, 2017 at 09:31:40PM +0100, thierry.fourn...@arpalert.org wrote:
> You're right, I'm hurry and tired. I dont sew the problem with
> comparisons. I think that the attached version is ok. I reviewed all
> comments.
OK this one looks good. I've just met a build issue here :
Hi Mark,
On Mon, Mar 06, 2017 at 02:49:28PM -0500, Mark S wrote:
> As for the timing issue, I can add to the discussion with a few related data
> points. In short, system uptime does not seem to be a commonality to my
> situation.
thanks!
> 1) I had this issue affect 6 servers, spread across 5
On Mon, 06 Mar 2017 15:02:43 -0500, Willy Tarreau wrote:
OK so that means that haproxy could have hung in a day or two, then your
case is much more common than one of the other reports. If your fdront LB
is fair between the 6 servers, that could be related to a total number of
Dear Willy and Dmitry,
Am 06.03.2017 um 11:16 schrieb Willy Tarreau:
> with the attachment now (thanks Dmitry)
hm, I'm not able to apply the patch:
git apply --ignore-space-change --ignore-whitespace
0001-BUG-MEDIUM-tcp-don-t-poll-for-write-when-connect-suc.patch
But I get:
On Mon, Mar 06, 2017 at 11:19:18PM +0100, Matthias Fechner wrote:
> Dear Willy and Dmitry,
>
> Am 06.03.2017 um 11:16 schrieb Willy Tarreau:
> > with the attachment now (thanks Dmitry)
>
> hm, I'm not able to apply the patch:
> git apply --ignore-space-change --ignore-whitespace
>
您好!
我们是专业做化工产品的国际快递的。粉末,液体。无需鉴定报告优质的包装材料保护货物样品在
安全运输的情况下美观大方,价格优惠客服一对一的服务
期待与您合作。
主要航线是:FEDEX DHL TNT
EMS,UPS。大货(21KG以上)另有优惠。
五大航线强势+贴心跟单+及时的信息通知+门到门服务=您的满意。
价格可以在报价基础上另行优惠,欢迎咨询。
手机:18930306441联系:张琴
QQ:1755462759
电话: 021-68095814
优势服务:
第一,我们公司有5大航线别人走不了的快递我们可以发我们会根据国家来判断航线考虑性价比
Attention,
Â
Attached is the payment transferred to your bank account for INV-
081116 as directed by our customer to you, we are sorry for the delay.
Please review for your reference PDF id is INVOICEPAYMENT1.
Â
Thanks & Best Regards,
Â
Sarah
Â
     Â
-- Forwarded message
Thanks for the response!
On Mon, Mar 6, 2017 at 1:34 AM, Willy Tarreau wrote:
>
> [snip]
>
> Also it is not normal at all that SSL checks lead to CPU saturation.
> Normally, health checks are expected to store the last SSL_CTX in the
> server struct for later reuse, leading to a
On Mon, Mar 06, 2017 at 06:34:09PM -0800, Steven Davidovitz wrote:
> Interestingly, as far as I can tell, we are running into the problem
> described in this forum post:
> http://discourse.haproxy.org/t/backend-encryption-and-reusing-ssl-sessions/503/4
> Switching the conn_data_shutw_hard call to
Thanks Willy,
Am 07.03.2017 um 00:32 schrieb Willy Tarreau:
> Sorry, when I said "revert" I meant typically like this :
>
> patch -Rp1 < 0001-BUG-MEDIUM-tcp-don-t-poll-for-write-when-connect-suc.patch
>
> I've just tested here on 1.7.3 and it does apply correctly.
>
> With git apply you'll have
Hi Steven,
On Wed, Mar 01, 2017 at 04:03:17PM -0800, Steven Davidovitz wrote:
> Having hundreds of HTTP SSL health checks leads to CPU saturation.
> This patch allows HTTP health checks without any http-expect directives
> to keep the connection open for subsequent health checks. This patch
>
On Mon, Mar 06, 2017 at 09:59:21AM +0100, Matthias Fechner wrote:
> Hi Georg,
>
> Am 06.03.2017 um 09:43 schrieb Georg Faerber:
> > I'm not running FreeBSD myself, but have a look at [1]: In the
> > follow-ups to this thread there are two more people reporting problems.
> >
> > [1]
Hi Matthias,
On 17-03-06 09:34:07, Matthias Fechner wrote:
> are problem with haproxy 1.7.3 on FreeBSD 11.0-p8 known?
I'm not running FreeBSD myself, but have a look at [1]: In the
follow-ups to this thread there are two more people reporting problems.
Cheers,
Georg
[1]
Hi,
it would be cool if somebody could open a PR at
https://bugs.freebsd.org/
I personally don't use FreeBSD 11 for any of my HAProxy-installations
(yet), so I'm not really affected (yet) - but thanks for the heads-up.
Regards,
Rainer
Hi Georg,
Am 06.03.2017 um 09:43 schrieb Georg Faerber:
> I'm not running FreeBSD myself, but have a look at [1]: In the
> follow-ups to this thread there are two more people reporting problems.
>
> [1] https://www.mail-archive.com/haproxy@formilux.org/msg25093.html
no, this cannot be the
Dear Rainer,
Am 06.03.2017 um 09:52 schrieb rai...@ultra-secure.de:
> it would be cool if somebody could open a PR at
>
> https://bugs.freebsd.org/
>
> I personally don't use FreeBSD 11 for any of my HAProxy-installations
> (yet), so I'm not really affected (yet) - but thanks for the heads-up.
Am 2017-03-06 10:05, schrieb Matthias Fechner:
Dear Rainer,
I opened a bug report here:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217576
I have only one server already upgraded to FreeBSD 11. The 10.3
installation are running fine with haproxy 1.7.3.
Thanks!
On Fri, Mar 03, 2017 at 05:12:55PM +0100, Emmanuel Hocdet wrote:
> Build without DH support is broken. This fix is for 1.8dev.
> It significantly reduces the size and initial memory footprint of haproxy.
Hmmm this one does not apply :-(
Willy
On Fri, Mar 03, 2017 at 01:28:40PM +0100, Emmanuel Hocdet wrote:
> New version of this patch.
> Little cleanup but much better comment.
Applied, thanks Manu.
Willy
On Mon, Mar 06, 2017 at 10:13:31AM +0100, Willy Tarreau wrote:
> On Fri, Mar 03, 2017 at 05:12:55PM +0100, Emmanuel Hocdet wrote:
> > Build without DH support is broken. This fix is for 1.8dev.
> > It significantly reduces the size and initial memory footprint of haproxy.
>
> Hmmm this one does
Dear all,
are problem with haproxy 1.7.3 on FreeBSD 11.0-p8 known?
I have the problem that I got a lot of timeout for all websites that are
behind haproxy.
Haproxy does terminate the SSL connection and forwards to nginx. Before
haproxy I have a sslh running.
Downgrading to version 1.7.2
On Fri, Mar 03, 2017 at 03:55:05PM +0100, Emmanuel Hocdet wrote:
> Patch candidat to merge in 1.8dev.
> I think this patch should be backported, at least in versions compat with
> openssl-1.1.0.
Applied, thanks Manu!
Willy
> Le 4 mars 2017 à 15:03, mlist a écrit :
>
For those first 3 points we don't need renegotiation.
>
Current implementation is buggy, but once we merge:
"BUG/MEDIUM: ssl: fix verify/ca-file per certificate"
>
all those issues will be addressed, without
with the attachment now (thanks Dmitry)
On Mon, Mar 06, 2017 at 10:44:56AM +0100, Willy Tarreau wrote:
> On Mon, Mar 06, 2017 at 09:59:21AM +0100, Matthias Fechner wrote:
> > Hi Georg,
> >
> > Am 06.03.2017 um 09:43 schrieb Georg Faerber:
> > > I'm not running FreeBSD myself, but have a look at
39 matches
Mail list logo