Re: server FQDN changes from stats socket + server-state file

2017-05-02 Thread Willy Tarreau
On Tue, May 02, 2017 at 04:49:50PM +0200, Frederic Lecaille wrote: > Here is an update of my patch which integrates your fix. Now applied, thanks to you both! Willy

AW: [RFC-PATCH] MINOR: ssl: add prefer-server-ciphers again

2017-05-02 Thread Lukas Tribus
Hi Manu, >> I care primarily about vanilla OpenSSL, and I don't get a sense that there >> is an >> interest to implement this for TLSv1.2. > > It makes sense with AEAD ciphers like AES-GCM and CHACHA20-POLY1305, and it’s > compatible with TLSv1.2. What I was trying to say above is: my

Re: [RFC-PATCH] MINOR: ssl: add prefer-server-ciphers again

2017-05-02 Thread Emmanuel Hocdet
or > On 2 May 2017 at 17:14, Lukas Tribus wrote: > > Hello, > > >> Hi Lukas, >> >> The response is in our link: >> [2] https://github.com/openssl/openssl/issues/541 >> >> No need to disable this option per default and option is needed for security. > > The point is:

AW: [RFC-PATCH] MINOR: ssl: add prefer-server-ciphers again

2017-05-02 Thread Lukas Tribus
Hello, > Hi Lukas, > > The response is in our link: > [2] https://github.com/openssl/openssl/issues/541 > > No need to disable this option per default and option is needed for security. The point is: when the admin is aware of TLS security, he can easily add a new config option on a major

Re: server FQDN changes from stats socket + server-state file

2017-05-02 Thread Frederic Lecaille
On 05/02/2017 03:45 PM, Baptiste wrote: Here is a new patch version which takes into account Baptiste's remarks. Thank you again Baptiste. Hi Fred, I gave a try to your code today and found a segfault at the next DNS request following the fqdn change. I attached a patch to this

Re: server FQDN changes from stats socket + server-state file

2017-05-02 Thread Baptiste
Apart from the bug, the new feature works smoothly! Great job, Fred @haproxy.com :p Baptiste

Re: server FQDN changes from stats socket + server-state file

2017-05-02 Thread Frederic Lecaille
On 05/02/2017 03:45 PM, Baptiste wrote: Here is a new patch version which takes into account Baptiste's remarks. Thank you again Baptiste. Hi Fred, Hello Baptiste, I gave a try to your code today and found a segfault at the next DNS request following the fqdn change. I

Re: server FQDN changes from stats socket + server-state file

2017-05-02 Thread Baptiste
> > >> Here is a new patch version which takes into account Baptiste's remarks. > > Thank you again Baptiste. > > Hi Fred, I gave a try to your code today and found a segfault at the next DNS request following the fqdn change. I attached a patch to this email to fix it, simply merge it into

Re: [RFC-PATCH] MINOR: ssl: add prefer-server-ciphers again

2017-05-02 Thread Emmanuel Hocdet
Hi Lukas, The response is in our link: [2] https://github.com/openssl/openssl/issues/541 No need to disable this option per default and option is needed for security. The equal-preference groups work with server preference. I tested it with BoringSSL. Manu > Le 28 avr. 2017 à 20:05, Lukas

Re: OpenSSL engine and async support

2017-05-02 Thread Emeric Brun
Hi Grant, Another issue: static void ssl_sock_close(struct connection *conn) { if (conn->xprt_ctx) { if (global_ssl.async) { /* the async fd is created and owned by the SSL engine, which is * responsible for fd closure.

Re: HAProxy 1.7.5 forwards requests blockwise

2017-05-02 Thread Daniel Heitepriem
Hi Willy, thank you very much for your detailed response. I will try out your suggestions and get back to the mailing list if I get any problems. Regards. Daniel On 28.04.17 at 19:08, Willy Tarreau wrote: Hi Daniel, On Fri, Apr 28, 2017 at 06:58:38PM +0200, Daniel Heitepriem wrote: Hi