Hi Lukas,
On 06/27/2018 04:48 AM, Willy Tarreau wrote:
> On Wed, Jun 27, 2018 at 01:44:08AM +0200, Lukas Tribus wrote:
>> Hey guys,
>>
>>
>> FYI after lots of discussions with openssl folks:
>>
>> https://github.com/openssl/openssl/issues/5330
>> https://github.com/openssl/openssl/pull/6388
>> htt
On Wed, Jun 27, 2018 at 01:44:08AM +0200, Lukas Tribus wrote:
> Hey guys,
>
>
> FYI after lots of discussions with openssl folks:
>
> https://github.com/openssl/openssl/issues/5330
> https://github.com/openssl/openssl/pull/6388
> https://github.com/openssl/openssl/pull/6432
>
>
> OpenSSL 1.1.1
Hey guys,
FYI after lots of discussions with openssl folks:
https://github.com/openssl/openssl/issues/5330
https://github.com/openssl/openssl/pull/6388
https://github.com/openssl/openssl/pull/6432
OpenSSL 1.1.1 will now keep the FD open by default:
https://github.com/openssl/openssl/commit/c7
Hi Lukas,
On 05/24/2018 11:27 AM, Lukas Tribus wrote:
> Hi Emeric,
>
>
> On 24 May 2018 at 11:19, Emeric Brun wrote:
>> in pre6 there is a news wrapping function on getrandom which have different
>> fallback way to use the syscall.
>>
>> Perhaps the openssl -r output depends of that (if getran
Hi Emeric,
On 24 May 2018 at 11:19, Emeric Brun wrote:
> in pre6 there is a news wrapping function on getrandom which have different
> fallback way to use the syscall.
>
> Perhaps the openssl -r output depends of that (if getrandom was found from
> glibc or if a syscall loaded from a different
Hi Lukas,
On 05/23/2018 09:48 PM, Lukas Tribus wrote:
> Hello,
>
>
> On 23 May 2018 at 18:29, Emeric Brun wrote:
>> This issue was due to openssl-1.1.1 which re-seed after an elapsed time or
>> number of request.
>>
>> If /dev/urandom is used as seeding source when haproxy is chrooted it fails
On 05/23/2018 09:48 PM, Lukas Tribus wrote:
> Hello,
>
>
> On 23 May 2018 at 18:29, Emeric Brun wrote:
>> This issue was due to openssl-1.1.1 which re-seed after an elapsed time or
>> number of request.
>>
>> If /dev/urandom is used as seeding source when haproxy is chrooted it fails
>> to re-op
Hello,
On 23 May 2018 at 22:17, Jim Freeman wrote:
> Or kludge around it with eg; http://www.issihosts.com/haveged/ ?
No, it's not about insufficient entropy in the kernel. It's about
interfacing with that entropy while in chroot.
Lukas
Or kludge around it with eg; http://www.issihosts.com/haveged/ ?
On Wed, May 23, 2018 at 1:48 PM, Lukas Tribus wrote:
> Hello,
>
>
> On 23 May 2018 at 18:29, Emeric Brun wrote:
> > This issue was due to openssl-1.1.1 which re-seed after an elapsed time
> or number of request.
> >
> > If /dev/ur
Hello,
On 23 May 2018 at 18:29, Emeric Brun wrote:
> This issue was due to openssl-1.1.1 which re-seed after an elapsed time or
> number of request.
>
> If /dev/urandom is used as seeding source when haproxy is chrooted it fails
> to re-open /dev/urandom
>
> By defaut the openssl-1.1.1 co
Hi Sander, Lukas,
On 05/23/2018 02:32 PM, Lukas Tribus wrote:
> Hello,
>
> On 23 May 2018 at 13:10, Sander Hoentjen wrote:
>> I can confirm the issue is gone when I don't use chroot. I will try to
>> see if I can get more info like a strace soon. I won't be able to today
>> though. Thanks Lucas
Hello,
On 23 May 2018 at 13:10, Sander Hoentjen wrote:
> I can confirm the issue is gone when I don't use chroot. I will try to
> see if I can get more info like a strace soon. I won't be able to today
> though. Thanks Lucas and Emeric!
1.8.9 with 1.1.1-pre6 chrooted is now running for me for mo
On 05/22/2018 04:31 PM, Sander Hoentjen wrote:
> On 05/22/2018 04:19 PM, Emeric Brun wrote:
>> Hi Sander,
>>
>> On 05/22/2018 02:04 PM, Sander Hoentjen wrote:
>>> On 05/22/2018 12:04 PM, Lukas Tribus wrote:
Hello,
On 22 May 2018 at 11:48, Sander Hoentjen wrote:
> I did, but I
On 05/22/2018 04:19 PM, Emeric Brun wrote:
> Hi Sander,
>
> On 05/22/2018 02:04 PM, Sander Hoentjen wrote:
>> On 05/22/2018 12:04 PM, Lukas Tribus wrote:
>>> Hello,
>>>
>>> On 22 May 2018 at 11:48, Sander Hoentjen wrote:
I did, but I still experience the same issues. What is your exact
h
Hi Sander,
On 05/22/2018 02:04 PM, Sander Hoentjen wrote:
> On 05/22/2018 12:04 PM, Lukas Tribus wrote:
>> Hello,
>>
>> On 22 May 2018 at 11:48, Sander Hoentjen wrote:
>>> I did, but I still experience the same issues. What is your exact
>>> haproxy version you tested with? Mine is 1.8.8
>>> Buil
On 05/22/2018 12:04 PM, Lukas Tribus wrote:
> Hello,
>
> On 22 May 2018 at 11:48, Sander Hoentjen wrote:
>> I did, but I still experience the same issues. What is your exact
>> haproxy version you tested with? Mine is 1.8.8
>> Built with OpenSSL version : OpenSSL 1.1.1-pre6 (beta) 1 May 2018
>> Ru
Hello,
On 22 May 2018 at 11:48, Sander Hoentjen wrote:
> I did, but I still experience the same issues. What is your exact
> haproxy version you tested with? Mine is 1.8.8
> Built with OpenSSL version : OpenSSL 1.1.1-pre6 (beta) 1 May 2018
> Running on OpenSSL version : OpenSSL 1.1.1-pre6 (beta)
On 05/19/2018 04:55 PM, Lukas Tribus wrote:
> Hello,
>
>
> On 19 April 2018 at 11:09, Sander Hoentjen wrote:
>> I just tried 1.1.1-pre5, and I still have the same issue.
> I'm running 1.1.1-pre6 now with good results. You may want to check that out.
I did, but I still experience the same issues. W
Hello,
On 19 April 2018 at 11:09, Sander Hoentjen wrote:
> I just tried 1.1.1-pre5, and I still have the same issue.
I'm running 1.1.1-pre6 now with good results. You may want to check that out.
cheers,
lukas
Hi Lucas,
On 04/17/2018 04:27 PM, Lukas Tribus wrote:
> Hello Sander,
>
>
> On 16 April 2018 at 10:55, Sander Hoentjen wrote:
>> Reading my email again it looks like somehow I messed up part of it,
>> retrying:
>>
>> Hi all,
>>
>> I built Haproxy (1.8.7) against openssl 1.1.1-pre4, and now after
Hello Sander,
On 16 April 2018 at 10:55, Sander Hoentjen wrote:
> Reading my email again it looks like somehow I messed up part of it,
> retrying:
>
> Hi all,
>
> I built Haproxy (1.8.7) against openssl 1.1.1-pre4, and now after 1 hour
> running haproxy stops accepting new SSL connections.
I ha
Reading my email again it looks like somehow I messed up part of it,
retrying:
Hi all,
I built Haproxy (1.8.7) against openssl 1.1.1-pre4, and now after 1 hour
running haproxy stops accepting new SSL connections. When I restart it
works again for almost(?) exactly 1 hour, then stops. Any idea wha
Hi all,
I built Haproxy (1.8.7) against openssl 1.1.1-pre4, and now after 1 hour
running haproxy stops accepting new SSL connections. When I restart it
works again for almost(?) exactly 1 hour, then stops.
Any idea what might be causing this, or where I should look
# haproxy -vv
HA-Proxy version
23 matches
Mail list logo