Hi Paul,
On Mon, Mar 11, 2019 at 01:00:24PM +0100, Paul Stephen Borile wrote:
> Hi,
>
> in attach patch for :
> - build fix for 1.9/2.0 code base (0001)
> - removed deprecated methods (0001)
> - enabled multithreading mode (0001)
> - added point of contact in MAINTAINERS file (0004)
>
> Module i
Hi Emeric,
On 3/11/19 2:48 PM, Emeric Brun wrote:
Once again, you could add the "no-ssl-reuse" statement if you want to check if
QAT offloads the backend side, but it is clearly not an optimal option for production
because it will generate an heavy load
on your servers and force them to recom
On 3/11/19 11:51 AM, Emeric Brun wrote:
Mode async is enabled on both sides, server and frontend side.
But on server side, haproxy is using session resuming, so there is a new key
computation (full handshake with RSA/DSA computation) only every 5 minutes
(openssl default value).
You can forc
On 3/11/19 11:51 AM, Emeric Brun wrote:
> On 3/11/19 11:06 AM, Marcin Deranek wrote:
>> Hi Emeric,
>>
>> On 3/8/19 11:24 AM, Emeric Brun wrote:
>>> Are you sure that servers won't use ECDSA certificates? Do you check that
>>> conn are successful forcing 'ECDHE-RSA-AES256-GCM-SHA384'
>>
>> Backend
Hi,
in attach patch for :
- build fix for 1.9/2.0 code base (0001)
- removed deprecated methods (0001)
- enabled multithreading mode (0001)
- added point of contact in MAINTAINERS file (0004)
Module is now tested in MT mode internally.
Thanks
-Paul
--
Paul Stephen Borile
Director, WURFL InFuze
Hi Jarno,
On 3/8/19 4:57 PM, Jarno Huuskonen wrote:
Yes(probably:), something like this might work for you:
acl is_redirect_match path,map_beg(redir.map) -m found
http-request redirect code 302 location %[path,map_beg(redir.map)] if
is_redirect_match
Thanks a lot for your help. That works fa
On Mon, Mar 11, 2019 at 1:22 PM Tim Düsterhus wrote:
> > BTW, should I also open a feature request for an actual "subdir"
> > match? (Perhaps if I have some time I could even come-up with a
> > patch...)
>
> I am not responsible for deciding what gets in and what doesn't. But: In
> my opinion the
Ciprian,
Am 11.03.19 um 12:15 schrieb Ciprian Dorin Craciun:
> On Mon, Mar 11, 2019 at 1:12 PM Tim Düsterhus wrote:
>> I filed an issue to look into this:
>> https://github.com/haproxy/haproxy/issues/61
>
>
> Thanks. (I didn't knew about the GitHub issues as being the official
> channel to sub
On Mon, Mar 11, 2019 at 1:12 PM Tim Düsterhus wrote:
> I filed an issue to look into this:
> https://github.com/haproxy/haproxy/issues/61
Thanks. (I didn't knew about the GitHub issues as being the official
channel to submit issues and requests.)
BTW, should I also open a feature request for a
Ciprian,
Am 11.03.19 um 12:04 schrieb Ciprian Dorin Craciun:
> I would strongly suggest adding an explicit warning in the
> documentation about this pitfall.
I filed an issue to look into this:
https://github.com/haproxy/haproxy/issues/61
Best regards
Tim Düsterhus
On Mon, Mar 11, 2019 at 12:58 PM Tim Düsterhus wrote:
> The documentation only talks about a slash-delimited value, not about
> being at the beginning.
Technically yes, it works as documented, except the documentation is
misleading by using the work `subdir match` right in the beginning...
Moreo
Ciprian,
Am 11.03.19 um 09:05 schrieb Ciprian Dorin Craciun:
> Which of the following would it match:
> * `/test` -- I would expect yes;
> * `/test/whatever` -- I would expect yes;
> * `/whatever/test` -- I would expect no, however it does (at least in
> 1.8.14)...
>
The documentation only talk
On 3/11/19 11:06 AM, Marcin Deranek wrote:
> Hi Emeric,
>
> On 3/8/19 11:24 AM, Emeric Brun wrote:
>> Are you sure that servers won't use ECDSA certificates? Do you check that
>> conn are successful forcing 'ECDHE-RSA-AES256-GCM-SHA384'
>
> Backend servers only support TLS 1.2 and RSA certificat
Hi Emeric,
On 3/8/19 11:24 AM, Emeric Brun wrote:
Are you sure that servers won't use ECDSA certificates? Do you check that conn
are successful forcing 'ECDHE-RSA-AES256-GCM-SHA384'
Backend servers only support TLS 1.2 and RSA certificates.
Could you check algo supported by QAT doing this ?
Hi Emeric,
On 3/8/19 4:43 PM, Emeric Brun wrote:
I've just realized that if your server are TLSv1.3 ssl-default-server-ciphers
won't force anything (see ssl-default-server-ciphersuites documentation)
Backend servers are 'only' TLS 1.2, so it should have desired effect.
Will test suggested co
[I'm re-sending this email as I guess it "fell through the cracks",
and I do believe that it is a bug.]
According to the HAProxy 1.8 documentation:
http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.1
- "dir" : subdir match : check that a slash-delimited portion of the
Hello,
my collegues and me were highly surprised with the "abbreviated form
with all-0-octets
ommitted" [1] for IPv4 addresses. It would be good to provide better
(or rather exact)
technical explanation why it is so - either in the documentation or at
least here in the
mailing-list. Any sort
17 matches
Mail list logo