Remy van Elst writes:
>
> Lukas Tribus schreef op 09/01/14 00:08:
> > Hi,
> >
> >
> >> $ openssl s_client -state -quiet -connect xx.xx.xx.xx:443
> >>
> >> SSL_connect:before/connect initialization
> >> SSL_connect:SSLv2/v3 write client hello A
> >> SSL_connect:SSLv3 read server hello A
> >> dept
Bonjour ,
En tant que membre VIP de Capdecision, vous aurez accès aux offres exclusives
de RUEDESOPPORTUNITÉS.fr.
Nous vous proposons dès aujourd'hui de recevoir des offres sélectionnées par
RUE DES OPPORTUNITÉS. Si vous n'êtes pas satisfait de ce service, vous pourrez
à tout moment vous désab
Hi,
On Tue, Feb 24, 2015 at 01:33:32PM -0700, NuSkooler wrote:
> Thanks, this has all been very helpful.
>
> Unfortunately it seems that some of the pieces to create a debuggable
> version of these old clients are currently missing here. If I can get
> that together I'll debug and hopefully find
Hi Jesse,
On Tue, Feb 24, 2015 at 11:30:13AM -0600, Jesse Hathaway wrote:
> In the documenation it states:
>
> > The format should be composed from elements that are guaranteed to be
> > unique when combined together.
>
> Is there a combination of formatting strings that would guarantee uniquene
Thanks, this has all been very helpful.
Unfortunately it seems that some of the pieces to create a debuggable
version of these old clients are currently missing here. If I can get
that together I'll debug and hopefully find something. Until then,
we'll be attempting to route their traffic around H
On Tue, Feb 24, 2015 at 1:39 AM, Francois Lagier
wrote:
> Hello everyone,
>
> I am currently trying to tune my HaProxy architecture (65k queries per
> seconds, low latency requirement (<50ms), with 12 servers using multi-core
> (4 cores per server)) and I have a couple of questions about the
> ht
> Attached are two captures:
>
> 1) ha_lukas-allow-allow.pcap: This is a capture of the bind line you provided:
> bind *:443 ssl crt /home/bashby/Lukas/TEST_cert_and_key.pem ciphers \
> AES128-SHA verify optional ca-ignore-err all crt-ignore-err all ca-file \
> /etc/ssl/certs/cw_client_ca.pem
>
> 2
In the documenation it states:
> The format should be composed from elements that are guaranteed to be
> unique when combined together.
Is there a combination of formatting strings that would guarantee uniqueness?
Would a patch to add a uuid formatter be accepted?
Thanks, Jesse
Hello Vincent, Lucas
On 2/24/2015 4:56 PM, Lukas Tribus wrote:
It would be nice to add a note that without proper rotation, PFS is
compromised by the use of TLS tickets. People may not understand why
they need to put 3 keys in this file and may never change them.
Agreed, we have to clarify tha
> It would be nice to add a note that without proper rotation, PFS is
> compromised by the use of TLS tickets. People may not understand why
> they need to put 3 keys in this file and may never change them.
Agreed, we have to clarify that a never changing tls-tickets-keys
file is worse than no fil
Hello Remi,
On 2/24/2015 4:25 PM, Remi Gacogne wrote:
On 02/24/2015 03:17 PM, Nenad Merdanovic wrote:
This patchset adds support to configure TLS ticket keys used for
encryption and decryption of TLS tickets.
Hi Nenad,
I find your patch very interesting and I have some questions about it.
I
On 02/24/2015 03:17 PM, Nenad Merdanovic wrote:
> This patchset adds support to configure TLS ticket keys used for
> encryption and decryption of TLS tickets.
Hi Nenad,
I find your patch very interesting and I have some questions about it.
Is there a reason why it requires the number of active t
❦ 24 février 2015 15:17 +0100, Nenad Merdanovic :
> +tls-ticket-keys
> + Sets the TLS ticket keys file to load the keys from. The keys need to be 48
> + bytes long, encoded with base64 (ex. openssl rand -base64 48). Number of
> keys
> + is specified by the TLS_TICKETS_NO build option (defau
Until now, the TLS ticket keys couldn't have been configured and
shared between multiple instances or multiple servers running HAproxy.
The result was that if a request got a TLS ticket from one instance/server
and it hits another one afterwards, it will have to go through the full
SSL handshake an
Signed-off-by: Nenad Merdanovic
---
doc/configuration.txt | 8
1 file changed, 8 insertions(+)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index bb7d567..abe592b 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -8969,6 +8969,14 @@ tfo
need to build HAP
This patchset adds support to configure TLS ticket keys used for
encryption and decryption of TLS tickets.
Nenad Merdanovic (2):
MEDIUM: Add support for configurable TLS ticket keys
DOC: Document the new tls-ticket-keys bind keyword
doc/configuration.txt | 8 +++
include/common/default
Hello everyone,
I am currently trying to tune my HaProxy architecture (65k queries per
seconds, low latency requirement (<50ms), with 12 servers using multi-core
(4 cores per server)) and I have a couple of questions about the
http-keep-alive timeout and the behavior when we are actually timing ou
Hi Cyril,
Thank you for enlightening me.. we'll correct that mistake :)
Cyril Bonté wrote on 02/24/2015 09:20 AM:
Hi Klavs,
Le 24/02/2015 08:56, Klavs Klavsen a écrit :
Hi guys,
A colleague just found an issue last night, where this acl:
acl is_kk-dk hdr_end(host) -i kkdk3.testkkdk.kk.dk h
Hi Klavs,
Le 24/02/2015 08:56, Klavs Klavsen a écrit :
Hi guys,
A colleague just found an issue last night, where this acl:
acl is_kk-dk hdr_end(host) -i kkdk3.testkkdk.kk.dk hdr(host) -i
readonly.kk.dk hdr(host) -i readonly.testkkdk.kk.dk hdr(host) -i
www.testkkdk.kk.dk hdr(host) -i kktest.k
19 matches
Mail list logo