Hi.
Have anyone seen this?
https://www.eff.org/deeplinks/2018/09/esni-privacy-protecting-upgrade-https
It looks very interesting for higher privacy.
Regards
Aleks
On Mon, Sep 24, 2018 at 11:52:51PM +0200, Lukas Tribus wrote:
> Just to be clear though; Content-Length or chunked transfer-encoding
> are required if you want to use keep-alive on the backend, even with
> HTTP/1.1 (or with other products). It's just that it won't work in H2
> either way currently,
Just some additional notes for anyone who might stumble upon this same
issue in the future.
I did a bunch more testing with this and confirmed that it was indeed
net.ipv4.tcp_mem that needed to be tweaked. I set the r/wmem settings back
to the defaults and ultimately set tcp_mem to "512000 512000
Hi Tim and other Gurus,
I am using the auth-request lua script from here (thanks Tim, you rock
for publishing this):
https://github.com/TimWolla/haproxy-auth-request
Haproxy is sitting in front of two nodejs apps; etherpad and ethercalc.
it is also sitting in front of apache which is serving
On Mon, 24 Sep 2018 at 16:36, Willy Tarreau wrote:
>
> On Mon, Sep 24, 2018 at 02:30:35PM +, Pierre Cheynier wrote:
> > OK, I conclude this SSE pattern is not working out-of-the-box when using h2
> > as of
> > now. Is it still true even if setting the user set the proper connection
> > heade
Hello dear,
Did you receive my email message to you? Please, get back to me ASAP as the
matter is becoming late. Expecting your urgent response.
Regards,
Sean
---
This email has been checked for viruses by AVG.
https://www.avg.com
On Mon, Sep 24, 2018 at 02:30:35PM +, Pierre Cheynier wrote:
> OK, I conclude this SSE pattern is not working out-of-the-box when using h2
> as of
> now. Is it still true even if setting the user set the proper connection
> headers on
> server side?
Yes, it's irrelevant to the headers, it's
> Hi Pierre,
Hi Willy,
> The close on the server side is expected, that's a limitation of the current
> design that we're addressing for 1.9 and which is much harder than initially
>expected. The reason is that streams are independent in H2 while in H1 the
> same stream remains idle and recycled
Hi Pierre,
On Mon, Sep 24, 2018 at 02:10:21PM +, Pierre Cheynier wrote:
> > You'll notice that in the HTTP/2 case, the stream is closed as you mentioned
> > (DATA len=0 + ES=1) then HAProxy immediately send FIN-ACK to the server.
> > Same for the client just after it forwarded the headers. It
> You'll notice that in the HTTP/2 case, the stream is closed as you mentioned
> (DATA len=0 + ES=1) then HAProxy immediately send FIN-ACK to the server.
> Same for the client just after it forwarded the headers. It never wait for
> any
> SSE frame.
EDIT: in fact, analyzing my capture, I see tha
Hello,
On Mon, 24 Sep 2018 at 14:42, Maciej Małeta wrote:
>
> Hi,
>
> i have problem with my haproxy 1.8.14
> when i want start it, i get error: tune.ssl.force-private-cache' cannot
> handle unexpected argument 'false'
> in version 1.5 it's work fine
> what is wrong in 'false' option?
> I would
Hi Dirkjan,
On 09/24/2018 11:55 AM, Dirkjan Bussink wrote:
> Hi all,
>
> Given all the critical security issue and that you all were busy with that, I
> suspect this didn’t get much additional eyes. Now that that fix is out the
> door, I’m wondering if there’s any feedback or further input for
Hello,
Le 24/09/2018 à 12:29, Franks Andy (IT Technical Architecture Manager) a
écrit :
Sorry to be a nag, but anyone any ideas with this. Or is it just
indicated to regularly parse log files (seems a bit of a hacky solution).
Thanks!
*From:*Franks Andy (IT Technical Architecture Manager)
Hi,
i have problem with my haproxy 1.8.14
when i want start it, i
get error: tune.ssl.force-private-cache' cannot handle unexpected
argument 'false'
in version 1.5 it's work fine
what is wrong in 'false'
option?
I would be very grateful for your help.
Mapet
Sorry to be a nag, but anyone any ideas with this. Or is it just indicated to
regularly parse log files (seems a bit of a hacky solution).
Thanks!
From: Franks Andy (IT Technical Architecture Manager)
[mailto:andy.fra...@sath.nhs.uk]
Sent: 21 September 2018 13:20
To: haproxy@formilux.org
Subjec
Hi all,
Given all the critical security issue and that you all were busy with that, I
suspect this didn’t get much additional eyes. Now that that fix is out the
door, I’m wondering if there’s any feedback or further input for the OpenSSL
1.1.1 patches I wrote?
Cheers,
Dirkjan
> On 14 Sep 20
16 matches
Mail list logo