Hi William, Tried but still the same ;(
On Fri, Jul 3, 2020 at 2:35 AM William Dauchy wrote:
>
> Hi Igor,
>
> On Thu, Jul 2, 2020 at 9:57 AM Igor Pav wrote:
> > By using dev11, the CPU consumption drops a lot, but when connections
> > reach ~1000, the CPU would still
0:31PM +0800, Igor Pav wrote:
> > Hi, are those log lines both in syslog? I didn't see it there. I'm
> > using this simple setup for a forward HTTP proxy, sooner and later,
> > CPU goes crazy.
>
> Sorry for this late reply. The "bogus stream" message Wi
Hi, are those log lines both in syslog? I didn't see it there. I'm
using this simple setup for a forward HTTP proxy, sooner and later,
CPU goes crazy.
On Fri, Jun 12, 2020 at 12:24 AM William Dauchy wrote:
>
> Hello Igor,
>
> On Thu, Jun 11, 2020 at 5:25 PM Igor Pav wr
Hello, list
We got a very high CPU constantly while using 2.2dev. Any suggestion? Thanks.
Config like:
global
log 127.0.0.1 local0
maxconn 4096
daemon
ssl-server-verify none
defaults
log global
modehttp
option httplog
timeout check 3000
timeout connect
chard wrote:
>
> Hi Igor,
>
> On Sun, Jun 23, 2019 at 08:42:46PM +0800, Igor Pav wrote:
> > Hi Olivier,
> >
> > The `retry-on 0rtt-rejected` will only work in tcp mode, is that
> > possible to let it work in http mode too?
> >
>
> It should work wit
Hi Olivier,
The `retry-on 0rtt-rejected` will only work in tcp mode, is that
possible to let it work in http mode too?
On Mon, May 6, 2019 at 4:37 AM Olivier Houchard wrote:
>
> Hi Igor,
>
> On Mon, May 06, 2019 at 12:26:33AM +0800, Igor Pav wrote:
> > Hi, Olivier, thanks for
Tried, still same result.
On Thu, Jun 20, 2019 at 11:14 PM Lukas Tribus wrote:
>
> On Thu, 20 Jun 2019 at 09:24, Igor Pav wrote:
> >
> > Hi Lukas,
> >
> > Found when using h2, the request URI to squid is / without
> > http://example.com/, so squid return
[TRACE] trace
```
On Thu, Jun 20, 2019 at 3:39 AM Lukas Tribus wrote:
>
> Hello,
>
> On Wed, 19 Jun 2019 at 19:35, Igor Pav wrote:
> >
> > Hello,
> >
> > I do a quick playing around with H2 proxy with Chome, Chrome has
> > built-in HTTPS proxy support.
>
Hello,
I do a quick playing around with H2 proxy with Chome, Chrome has
built-in HTTPS proxy support.
If I conf like:
listen FE
mode http
bind 0.0.0.0:1443 ssl crt cert.pem alpn h2,http/1.1
server squid-fwd-proxy 127.0.0.1:3128
then I set Chrome to use this proxy, it works fine with the https
Hi Olivier,
965e84e now fixed this, thanks! P.S I test it by using browser and squid proxy.
On Sun, Jun 16, 2019 at 3:03 AM Olivier Houchard wrote:
>
> Hi Igor,
>
> On Sat, Jun 15, 2019 at 07:19:24PM +0800, Igor Pav wrote:
> > Hi Olivier,
> >
> > Still suf
Hi Olivier,
Still suffering from 2.0-dev7-b6563f-41 :(
On Sat, Jun 15, 2019 at 5:37 PM Olivier Houchard wrote:
>
> Hi Igor,
>
> On Sat, Jun 15, 2019 at 03:00:23AM +0800, Igor Pav wrote:
> > Hello, dev
> >
> > The commit of ea8dd949e4ab7ddd94afdbf0e96087c88319221
Hello, dev
The commit of ea8dd949e4ab7ddd94afdbf0e96087c883192217 seems to break
the allow-0rtt in server line, a connection will take very very long
to complete. Remove allow-0rtt it turns normal.
conf like:
listen test
mode tcp
bind 0.0.0.0:88
default_backend tls
backend tls
mode tcp
re
Hi, Alec, Willy
Sorry to ask a not so related question here, I have a Linux gateway to
redirect user's TCP traffic by using iptables like `iptables -t nat -A
PREROUTING -p tcp dst -j REDIRECT --to-ports 1000`, port 1000 is
redsocks transparent tcp-to-socks proxy,
since we have Alec's patch here,
Redirect to socks server would be very good for us, we use haproxy to
load balance internal user traffic, happy to use one single rock
stable haproxy solution.
On Mon, Jun 3, 2019 at 8:47 AM Aleksandar Lazic wrote:
>
> Hi.
>
> cipriancraciun, nutinshell and I discussed in the issue above some So
Hi, since haproxy now has DNS, is now possible to make `option
http_proxy` to do DNS and HTTPS, in some cases, we need to let part of
requests go local network directly.
Thanks in advance.
Olivier Houchard wrote:
>
> Hi Igor,
>
> On Fri, May 03, 2019 at 05:21:50PM +0800, Igor Pav wrote:
> > Just tested with openssl 1.1.1b and haproxy 1.9.7, it appears no
> > success, you are right :)
> >
>
> Indeed :)
> I just pushed commit 010941f87605e8219
Just tested with openssl 1.1.1b and haproxy 1.9.7, it appears no
success, you are right :)
On Thu, May 2, 2019 at 8:45 PM Olivier Houchard wrote:
>
> Hi Igor,
>
> On Thu, May 02, 2019 at 08:39:58PM +0800, Igor Pav wrote:
> > Hello, can we use TLS zero RTT in server-side now? J
Hello, can we use TLS zero RTT in server-side now? Just want to reduce
more latency when using SSL talk to the backend servers(also running
haproxy).
Thanks in advance. Regards
Hello, does TFO on the server side now implemented?
On Wed, Jan 4, 2017 at 2:56 PM, Willy Tarreau wrote:
> On Tue, Jan 03, 2017 at 06:21:18PM +0100, Lukas Tribus wrote:
>> Hi Igor,
>>
>>
>> Am 16.12.2016 um 12:52 schrieb Igor Pav:
>> > Cool, even TLS 1
Hello, since TLS 1.3 PSK is incompatible with TLS 1.2, is there an
update patch for recent haproxy to work with TLS 1.3?
On Mon, Jan 9, 2017 at 8:07 AM, Nenad Merdanovic wrote:
> Hello,
>
> On 1/5/2017 4:47 PM, Emeric Brun wrote:
>> On 01/05/2017 04:22 AM, Nenad Merdanovic wrote:
>>> I have a wor
It's excited, does server line(client side) support 0-rtt?
On Mon, Oct 2, 2017 at 11:18 PM, Olivier Houchard wrote:
> Hi,
>
> The attached patches add experimental support for 0-RTT with OpenSSL 1.1.1
> They are based on Emmanuel's previous patches, so I'm submitting them again,
> updated to refl
Thanks, Willy. I found DNS infrastructure improved a lot this year, so
I ask it again, hope it is not so stupid :-)
On Sat, May 13, 2017 at 7:19 AM, Willy Tarreau wrote:
> Hi Igor,
>
> On Sat, May 13, 2017 at 12:58:19AM +0800, Igor Pav wrote:
>> Hi list,
>>
>> Is
Hi list,
Is now there's a converter for hostname to IPv4 available in haproxy?
Regards,
Igor
> Manu
>
>> Le 26 mars 2017 à 17:54, Igor Pav a écrit :
>>
>> Hi, Emmanuel. Any plan to add tls 1.3 zero rtt support for both server
>> and client side?
>>
>> On Sat, Mar 25, 2017 at 2:13 AM, Emmanuel Hocdet wrote:
>>>
>>> Hi Emeric,
&g
Hi, Emmanuel. Any plan to add tls 1.3 zero rtt support for both server
and client side?
On Sat, Mar 25, 2017 at 2:13 AM, Emmanuel Hocdet wrote:
>
> Hi Emeric,
> patches serie updated. The new one is 0004.
> It should match what you are requesting and what I observed in the openssl
> code.
>
> ++
ue, Feb 7, 2017 at 11:17 PM, Emmanuel Hocdet wrote:
> you need:
> ADDLIB="-lpthread -ldecrepit"
>
> Le 7 févr. 2017 à 16:09, Igor Pav a écrit :
>
> Hi, Emmanuel. build with static lib, but no luck, can you provide some
> building details? Thanks.
>
>
ypto/thread_pthread.c:158: undefined reference to
`pthread_setspecific'
collect2: error: ld returned 1 exit status
make: *** [haproxy] Error 1
On Tue, Feb 7, 2017 at 9:12 PM, Emmanuel Hocdet wrote:
> I Igor,
> I build haproxy with boringssl static library to avoid any conflict with
&
sorry for unclear question, it's quite simple, build haproxy from git
with boringssl (DBUILD_SHARED_LIBS=1), just config a simple SSL
frontend.
On Mon, Jan 30, 2017 at 5:42 PM, Willy Tarreau wrote:
> On Mon, Jan 30, 2017 at 04:07:33PM +0800, Igor Pav wrote:
>> any i
any idea with error?
undefined symbol: BIO_read_filename
On Mon, Jan 16, 2017 at 7:42 PM, Willy Tarreau wrote:
> On Fri, Jan 13, 2017 at 06:11:55PM +0100, Emmanuel Hocdet wrote:
>> for 1.8dev
>
> now applied, thanks.
>
> Willy
>
Tested and it works! Could we expect a rtt reduce?
On Mon, Jan 9, 2017 at 8:07 AM, Nenad Merdanovic wrote:
> Hello,
>
> On 1/5/2017 4:47 PM, Emeric Brun wrote:
>> On 01/05/2017 04:22 AM, Nenad Merdanovic wrote:
>>> I have a working patch for this, but it's very ugly currently (minimal
>>> error c
tried compile 1.7.1 with boringssl, but seems not work, error like below:
In file included from src/ssl_sock.c:87:0:
include/proto/openssl-compat.h:107:1: error: unknown type name ‘OCSP_CERTID’
static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const
OCSP_SINGLERESP *single)
^
include/prot
Stunnel supports it, https://www.stunnel.org/auth.html, quite simple.
On Sun, Jan 1, 2017 at 4:34 PM, Willy Tarreau wrote:
> On Sun, Jan 01, 2017 at 01:16:37AM +0800, Igor Pav wrote:
>> Sounds good for SSL backend, is this possible?
>
> Indeed that sounds interesting for such us
Sounds good for SSL backend, is this possible?
On Sun, Oct 25, 2015 at 12:22 PM, Gil Bahat wrote:
> Hi,
>
> I was wondering if HAProxy can do TLS-PSK. this cipher setting is
> advantageous in several scenarios, in particular with low-end clients or
> with stunnel backends. However, since I could
Cool, even TLS 1.3 0 RTT feature requires no changes?
On Fri, Dec 16, 2016 at 3:03 AM, Lukas Tribus wrote:
> Hi Igor,
>
>
> Am 14.12.2016 um 20:47 schrieb Igor Pav:
>>
>> Hi Lukas, in fact, openssl already gets early TLS 1.3 adoption in dev,
>> will release in
Hi Lukas, in fact, openssl already gets early TLS 1.3 adoption in dev,
will release in 1.1.1, and BoringSSL supports TLSv1.3 already.
On Thu, Dec 15, 2016 at 1:48 AM, Lukas Tribus wrote:
> Hi Igor,
>
>
> Am 14.12.2016 um 14:37 schrieb Igor Pav:
>>
>> That's great!
That's great!
Will HAProxy adopt TLS 1.3 soon?
On Tue, Dec 13, 2016 at 7:39 AM, Willy Tarreau wrote:
> Hi,
>
> HAProxy 1.7.1 was released on 2016/12/13. It added 28 new commits
> after version 1.7.0.
>
> It addresses a few issues related to how buffers are allocated under
> low memory condition
Hello, list.
Seems DNS function implemented for a long time, I wonder
if it is possible to convert hostname to IP now? So we can have like:
acl US conv_to_ip(host),map_ip(/etc/haproxy/geolocation.txt) -m str -i US
Thanks.
Bests,
-Igor
37 matches
Mail list logo