Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-25 Thread Willy Tarreau
On Sun, Jun 20, 2021 at 05:20:41PM -0600, Shawn Heisey wrote: > On 6/20/2021 3:16 PM, Lukas Tribus wrote: > > It's a haproxy bug, affecting 2.4 releases, I've filed an issue in our > > tracker: > > > > https://github.com/haproxy/haproxy/issues/1297 > > Almost always when I report a problem I'm

Re: OT: About WebPageTest results (was Re: SSL Labs says my server isn't doing ssl session resumption)

2021-06-21 Thread Rainer Duffner
> On 21.06.2021 at 18:25, Shawn Heisey wrote: > > On 2021-06-20 06:03, Shawn Heisey wrote: >> Unrelated, and off topic because it's mostly about Apache, but strange: >> I've been doing some tests with webpagetest.org, and seeing REALLY >> long load times for some resources in their waterfall

OT: About WebPageTest results (was Re: SSL Labs says my server isn't doing ssl session resumption)

2021-06-21 Thread Shawn Heisey
On 2021-06-20 06:03, Shawn Heisey wrote: Unrelated, and off topic because it's mostly about Apache, but strange: I've been doing some tests with webpagetest.org, and seeing REALLY long load times for some resources in their waterfall graph. I see no speed problems when I load the pages from my

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-20 Thread Shawn Heisey
On 6/20/2021 3:16 PM, Lukas Tribus wrote: It's a haproxy bug, affecting 2.4 releases, I've filed an issue in our tracker: https://github.com/haproxy/haproxy/issues/1297 Almost always when I report a problem I'm having with a mature piece of software, I expect the issue to be PEBCAK, not an

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-20 Thread Willy Tarreau
On Sun, Jun 20, 2021 at 11:31:10PM +0200, Willy Tarreau wrote: > On Sun, Jun 20, 2021 at 11:16:15PM +0200, Lukas Tribus wrote: > > Hello Shawn, > > > > On Sun, 20 Jun 2021 at 14:03, Shawn Heisey wrote: > > > > > > On 6/20/2021 1:52 AM, Lukas Tribus wrote: > > > > Can you try disabling threading,

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-20 Thread Willy Tarreau
On Sun, Jun 20, 2021 at 11:16:15PM +0200, Lukas Tribus wrote: > Hello Shawn, > > On Sun, 20 Jun 2021 at 14:03, Shawn Heisey wrote: > > > > On 6/20/2021 1:52 AM, Lukas Tribus wrote: > > > Can you try disabling threading, by putting nbthread 1 in your config? > > > > That didn't help. From

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-20 Thread Lukas Tribus
Hello Shawn, On Sun, 20 Jun 2021 at 14:03, Shawn Heisey wrote: > > On 6/20/2021 1:52 AM, Lukas Tribus wrote: > > Can you try disabling threading, by putting nbthread 1 in your config? > > That didn't help. From testssl.sh: > > SSL Session ID support yes > Session Resumption

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-20 Thread Shawn Heisey
On 6/20/2021 1:52 AM, Lukas Tribus wrote: Can you try disabling threading, by putting nbthread 1 in your config? That didn't help. From testssl.sh: SSL Session ID support yes Session Resumption Tickets: yes, ID: no An upgrade to 2.4.1 would also be advisable, it actually

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-20 Thread Lukas Tribus
Hello Shawn, On Sun, 20 Jun 2021 at 08:39, Shawn Heisey wrote: > This is what SSL Labs now says for the thing that started this thread: > > Session resumption (caching)No (IDs assigned but not accepted) > Session resumption (tickets)Yes > > I'd like to get the caching item fixed, but I

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-20 Thread Илья Шипицин
Sun, 20 Jun 2021 at 11:43, Shawn Heisey : > On 6/17/2021 1:01 AM, Willy Tarreau wrote: > > I don't know if the config is responsible for this but I've just tested > > on haproxy.org and it does work there: > > > >Session resumption (caching) Yes > >Session resumption (tickets)

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-20 Thread Shawn Heisey
On 6/17/2021 1:01 AM, Willy Tarreau wrote: I don't know if the config is responsible for this but I've just tested on haproxy.org and it does work there: Session resumption (caching) Yes Session resumption (tickets) Yes Many thanks to everyone who replied, and countless

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-19 Thread Shawn Heisey
On 6/16/2021 9:26 AM, Lukas Tribus wrote: That is not true, you can disable TLS tickets and still get resumption on TLSv1.2. Disabling TLSv1.0 does not mean disabling Session ID caching. What do you see with testssl.sh ? That was an interesting rabbit hole. Finally got it downloaded

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-17 Thread Willy Tarreau
On Fri, Jun 11, 2021 at 06:48:09PM -0600, Shawn Heisey wrote: > I'm fiddling with ssl labs to see how I can improve my TLS setup. > > Here's what they say about a site I have behind haproxy with TLS: > > https://www.elyograg.org/foo/haproxy-ssllabs-session-resumption-not-working.png > > They

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-16 Thread Илья Шипицин
Wed, 16 Jun 2021 at 20:27, Lukas Tribus : > On Wed, 16 Jun 2021 at 17:03, Илья Шипицин wrote: > > > > ssl sessions are for tls1.0 (disabled in your config) > > tls1.2 uses tls tickets for resumption > > That is not true, you can disable TLS tickets and still get resumption > on TLSv1.2.

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-16 Thread Lukas Tribus
On Wed, 16 Jun 2021 at 17:03, Илья Шипицин wrote: > > ssl sessions are for tls1.0 (disabled in your config) > tls1.2 uses tls tickets for resumption That is not true, you can disable TLS tickets and still get resumption on TLSv1.2. Disabling TLSv1.0 does not mean disabling Session ID caching.

Re: SSL Labs says my server isn't doing ssl session resumption

2021-06-16 Thread Илья Шипицин
ssl sessions are for tls1.0 (disabled in your config) tls1.2 uses tls tickets for resumption what does ssl labs say on tls tickets ? Sat, 12 Jun 2021 at 05:51, Shawn Heisey : > I'm fiddling with ssl labs to see how I can improve my TLS setup. > > Here's what they say about a site I have

SSL Labs says my server isn't doing ssl session resumption

2021-06-11 Thread Shawn Heisey
I'm fiddling with ssl labs to see how I can improve my TLS setup. Here's what they say about a site I have behind haproxy with TLS: https://www.elyograg.org/foo/haproxy-ssllabs-session-resumption-not-working.png They claim that session resumption isn't working. I'm hoping that I've just done