You can test if you are vulnerable here: http://filippo.io/Heartbleed/
On 04/08/2014 05:57 PM, Baptiste wrote:
Hi Lukas,
Thanks for sharing :)
Baptiste
On Tue, Apr 8, 2014 at 9:41 AM, Lukas Tribus luky...@hotmail.com wrote:
Hi list,
anyone running openssl 1.0.1 is likely affected by the
I think your order may be wrong.
I have my key last.
Regards,
Duncan
On 08/07/13 17:47, Lukas Tribus wrote:
Hi Jürgen,
Now I'm getting the error
unable to load SSL private key from PEM file
I checked the contents of the domain1.pem file and there is the
following order included:
-
magic feature! Eventually I will get the sites rebuilt to use
backend session persistence and this will all become very simple.
Regards,
Duncan
On 08/04/13 15:47, Willy Tarreau wrote:
Hi Duncan,
On Mon, Apr 08, 2013 at 02:53:06PM +1000, Duncan Hall wrote:
Hi,
I have a website that acts
Hi,
I have a website that acts as the SSL ecommerce checkout for several
other sites. All of the sites are on the same public IP and live in a
cluster of tomcat servers.
I need to maintain session persistence when moving from one domain to
the SSL enabled domain and from http to https. Can
On 12/01/13 23:02, Baptiste wrote:
Could you just confirm it works???
And sorry for the crap right out of my head :)
cheers
On Sat, Jan 12, 2013 at 12:50 AM, duncan hall dun...@viator.com wrote:
Thanks, yes I got the error and was just looking for some time to fix it.
Thanks Willy
you please give it a try and let me now if it works??
cheers
On Wed, Jan 9, 2013 at 12:51 PM, duncan hall dun...@viator.com wrote:
For PCI compliance I need to add the httponly cookie attribute to the
appsession cookie set by IIS 6.0. Any thoughts on how I could accomplish the
rewriting
For PCI compliance I need to add the httponly cookie attribute to the
appsession cookie set by IIS 6.0. Any thoughts on how I could accomplish the
rewriting of this cookie using haproxy?
Regards,
Duncan
On 14/09/12 15:07, Willy Tarreau wrote:
One thing I did notice on CentOS 5.8 and 6.3 is that at compile time I
now need to use USE_STATIC_PCRE=1 instead of USE_PCRE=1. If I use
USE_PCRE=1 it will compile and run but if the conf file references an
ssl cert it cannot read the key in the pem
On 10/09/12 19:23, Willy Tarreau wrote:
Hi Duncan,
On Mon, Sep 10, 2012 at 07:16:30PM +1000, Duncan Hall wrote:
On 10/09/12 18:10, Willy Tarreau wrote:
Many bugs were fixes, and many were certainly introduced. If you observe
any
bug, please report it, as I'd rather issue -dev13 quickly
On 10/09/12 18:10, Willy Tarreau wrote:
Many bugs were fixes, and many were certainly introduced. If you observe any
bug, please report it, as I'd rather issue -dev13 quickly with many fixes.
Great work, very much appreciated.
I have rolled 1.5-dev12 into a test environment and noticed that
On 04/09/12 09:37, Willy Tarreau wrote:
Have a lot of fun and please report your success/failures,
Willy
Small issue when compiling on CentOS 5.8 64bit against RPM versions of
openssl-devel and e2fsprogs-devel-1.39-34.el5_8.1 I get the following:
make TARGET=linux2628 USE_OPENSSL=1
gcc
Wow, we could all be rich in just 1 week!
D
On 07/09/10 14:10, Harry Moore wrote:
Goodday,
Firstly let me introduced myself to you because I searched you on the internet
and decided to mail you about a business that might be of interest to you.
I am Harry Moore, the chief security
You are running the load balancer in TCP mode and not http mode.
Thats OK, but you need to set up a section for it the config for http mode.
Try adding this to your haproxy.cfg (replace 192.168.123.1 with your
servers IP address):
# LOCAL HAProxy stats #
listen stats 192.168.123.1:80
While I agree NGINX will offer much more flexibility (caching, ssl
offload and compression), stunnel can be configured for multiple vhosts:
I have moved to NGINX but here is a copy of my old stunnel.conf showing
2 hosts
cat /etc/stunnel/stunnel.conf
pid = /var/run/stunnel.pid
#debug = 7
Hi All,
I have been writing a perl script for creating RRD files, logging and
graphing the current sessions, queue length and status of backend
servers in my environments.
It uses either the CSV output from the status page for remote monitoring
or the output from the local haproxy unix
Hi,
I've been writing a standalone perl script to parse the csv status page
to extract some statistics and build pretty RRD Graphs based on current
sessions, status and queues.
All is working but I was wondering if anyone could enlighten me to
meaning of the hanafail field in 1.4?
Thanks
Quick question (request) I hope,
I have a backend group of servers containing a 20 servers, eg:
server VM330230a 172.16.10.2:80 cookie A330230a check inter 15s rise 3
fall 1 slowstart 60s minconn 25 maxconn 50 weight 10
server VM330231a 172.16.10.3:80 cookie A330231a check inter 15s rise 3
Willy,
Sorry for the delay in getting back to you.
I found the issue, it was caused by a misconfiguration in HA Heartbeat
where the failover server kept trying to steal the IP address of the
HAproxy server.
I should have known there was nothing wrong with HAproxy!
Thanks for your help and
Rather than multiple stunnel instances a single instance can manage
multiple IP addresses and certs. As Bernhard mentioned once the request
is picked up by stunnel and forwarded to haproxy it is no longer
encrypted on your backend network.
Here is what your stunnel.conf may look like with 3
19 matches
Mail list logo