Re: Feature request: routing a TCP stream based on Cipher Suites in a TLS ClientHello

On 23/02/2017 07:38 μμ, Lukas Tribus wrote: > Hi, > > Am 23.02.2017 um 04:02 schrieb James Brown: >> Unfortunately, that feature only works with OpenSSL 1.0.2 (which, >> incidentally, would be a good thing to note in the documentation)... > > Good point; I did not remember this either ... we

Setting backend server in maintenance mode does not make traffic stop

Hi, I'm doing some maintenance work on some of my backend servers from time to time, and would like to, during that time, set them in maintenance mode to avoid serving erroneous content to the users. I'm using the stats admin endpoint to set the server in maintenance mode, the server in

Re: https://www.haproxy.org SEC_ERROR_REVOKED_CERTIFICATE

Hello, Am 23.02.2017 um 22:28 schrieb Andrew Smalley: Hi All I confirm I get the same and Firefox will not even let me visit the site. Thankfully the http://blog.haproxy.com/ is non ssl so is still available. There are no HSTS or redirects headers forcing you to the https scheme; just

Re: https://www.haproxy.org SEC_ERROR_REVOKED_CERTIFICATE

Hi All I confirm I get the same and Firefox will not even let me visit the site. Thankfully the http://blog.haproxy.com/ is non ssl so is still available. Regards Andrew Smalley Loadbalancer.org Ltd. On 23 February 2017 at 21:21, James Stroehmann < james.stroehm...@proquest.com> wrote: >

Re: Feature request: routing a TCP stream based on Cipher Suites in a TLS ClientHello

Hi, Am 23.02.2017 um 04:02 schrieb James Brown: Unfortunately, that feature only works with OpenSSL 1.0.2 (which, incidentally, would be a good thing to note in the documentation)... Good point; I did not remember this either ... we have to fix the docs. Lukas

Re: TLS-PSK: making a http(s) lookup call from inside haproxy code

Thanks for the insight from both of you.. I have spent couple of hours browsing through the code and realized that even if async io would be possible in PSK callback, I would have really hard time wrap my head around it. The learning curve is just too steep (not to mention post-implementation

Possible Minor Bug - Configuration Validation

Hi, Note I am not subscribed to the mail list - per comment at http://discourse.haproxy.org/t/possible-minor-bug-configuration-validation, just wanted to flag a possible bug we spotted: The issue appears to be with a change made back in 2014/04/23 : 1.5-dev23 MEDIUM: config: relax use_backend

Re: TLS-PSK: making a http(s) lookup call from inside haproxy code

Le 22/02/2017 à 16:02, thierry.fourn...@arpalert.org a écrit : On Wed, 22 Feb 2017 15:43:36 +0100 Braňo Žarnovičan wrote: Options: (a) implement lookup call in C I should be able to whip up simple http 1.0 request via low-level socket programming. However, I would like