KeyUpdate messages are a feature of TLS 1.3 that allows the symmetric
keys of a connection to be periodically rotated. It's
mandatory-to-implement in TLS 1.3, but not mandatory to use. Google
Chrome tried enabling KeyUpdate and promptly broke several sites, at
least some of which are using
Hi Adam,
[ccing Emeric]
On Sun, Jan 20, 2019 at 01:12:44PM -0800, Adam Langley wrote:
> KeyUpdate messages are a feature of TLS 1.3 that allows the symmetric
> keys of a connection to be periodically rotated. It's
> mandatory-to-implement in TLS 1.3, but not mandatory to use. Google
> Chrome
Hi.
As far as I understood the keyupdate
https://tools.ietf.org/html/rfc8446 4.6.3
which you refer proper isn't it also an option to use
https://wiki.openssl.org/index.php/TLS1.3#Renegotiation
which refers to https://www.openssl.org/docs/manmaster/man3/SSL_key_update.html
instead of the
On Sun, Jan 20, 2019 at 2:41 PM Willy Tarreau wrote:
> Just out of curiosity, if such out-of-band messages are enabled again in
> 1.3, do you think this might have any particular impacts on something like
> kTLS where the TLS stream is deciphered by the kernel ? I don't know how
> such messages
Thank you for clarification.
Regards
Aleks
Original message
From: Adam Langley
Sent: 21 January 2019 00:12:59 CET
To: Aleksandar Lazic
CC: haproxy@formilux.org, Willy Tarreau , eb...@haproxy.com
Subject: Re: HAProxy with OpenSSL 1.1.1 breaks when TLS 1.3 KeyUpdate
On Sun, Jan 20, 2019 at 3:04 PM Aleksandar Lazic wrote:
> which refers to
> https://www.openssl.org/docs/manmaster/man3/SSL_key_update.html
>
> instead of the suggested Patch?
The SSL_key_update function enqueues a KeyUpdate message to be sent.
The problem is that if a /client/ of HAProxy
Hi, can someone check this one out? Is there something wrong with it?
On Thu, Jan 17, 2019, at 13:21, Uman Shahzad wrote:
> If we fail to initialize pollers due to fdtab/fdinfo/polled_mask
> not getting allocated, we free any of those that were allocated
> and exit. However the ordering was
On Sun, Jan 20, 2019 at 03:08:23PM -0800, Adam Langley wrote:
> On Sun, Jan 20, 2019 at 2:41 PM Willy Tarreau wrote:
> > Just out of curiosity, if such out-of-band messages are enabled again in
> > 1.3, do you think this might have any particular impacts on something like
> > kTLS where the TLS
Hi,
On Thu, Jan 17, 2019 at 08:21:39AM +, Uman Shahzad wrote:
> If we fail to initialize pollers due to fdtab/fdinfo/polled_mask
> not getting allocated, we free any of those that were allocated
> and exit. However the ordering was incorrect, and there was an old
> unused and unreachable
On Mon, Jan 21, 2019 at 04:39:53AM +0100, Willy Tarreau wrote:
> Hi,
>
> On Thu, Jan 17, 2019 at 08:21:39AM +, Uman Shahzad wrote:
> > If we fail to initialize pollers due to fdtab/fdinfo/polled_mask
> > not getting allocated, we free any of those that were allocated
> > and exit. However the
Hi,
I'm talking only about performance ways)
About socket.
I use UDP for sending, there are no reasons for delays.
However, my bad - I misunderstood some FDs in "lsof". It is not related to that
UDP-sending, that is OK.
About file system.
I open file from disk for GeoIP, but finally it cached