Just for the few who have already downloaded it, I have re-uploaded
the snapshot with a fix (I failed my attempt at automatically renaming
it so it ended up with the same name).
There was a bug affecting the combination of accept-proxy + ssl which
I just fixed.
Regards,
Willy
What a great news !
Let's go testing on internal applications.
Congrats to the Exceliance team !
Hervé.
On 09/04/2012 08:12 AM, Willy Tarreau wrote:
Just for the few who have already downloaded it, I have re-uploaded
the snapshot with a fix (I failed my attempt at automatically renaming
it
On Tuesday, September 04, 2012 01:37:17 AM Willy Tarreau wrote:
After several months of efforts by the Exceliance team, we managed to
rework all the buffer and connection layers in order to get SSL working
on both sides of HAProxy.
Very cool.
Since HAProxy is event-driven, is anything done to
On Mon, Sep 03, 2012 at 11:21:51PM -0700, Justin Karneges wrote:
On Tuesday, September 04, 2012 01:37:17 AM Willy Tarreau wrote:
After several months of efforts by the Exceliance team, we managed to
rework all the buffer and connection layers in order to get SSL working
on both sides of
benchmarks, the code was merged into the master
branch and is in today's snapshot (20120904) here :
http://haproxy.1wt.eu/download/1.5/src/snapshot/
Build it by passing USE_OPENSSL=1 on the make command line. You
should
also include support for linux-2.6 options for better results :
make TARGET
was merged into the
master branch and is in today's snapshot (20120904) here :
http://haproxy.1wt.eu/download/1.5/src/snapshot/
Build it by passing USE_OPENSSL=1 on the make command line. You
should also include support for linux-2.6 options for better results
:
make TARGET=linux2628
Hi,
On Tue, Sep 04, 2012 at 09:12:53AM +0200, Guillaume Castagnino wrote:
Hi,
Great news !
Just one question: is SNI support planned ? This would be great to allow
one certificate per named vhost.
Yes it's planned but not done yet. Emeric sees how to implement this but
we wanted to
and is in today's snapshot (20120904) here :
http://haproxy.1wt.eu/download/1.5/src/snapshot/
Build it by passing USE_OPENSSL=1 on the make command line. You
should also include support for linux-2.6 options for better results
:
make TARGET=linux2628 USE_OPENSSL=1
If all goes well by the end
On 04/09/12 09:37, Willy Tarreau wrote:
Have a lot of fun and please report your success/failures,
Willy
Small issue when compiling on CentOS 5.8 64bit against RPM versions of
openssl-devel and e2fsprogs-devel-1.39-34.el5_8.1 I get the following:
make TARGET=linux2628 USE_OPENSSL=1
gcc
into the master
branch and is in today's snapshot (20120904) here :
http://haproxy.1wt.eu/download/1.5/src/snapshot/
Build it by passing USE_OPENSSL=1 on the make command line. You should
also include support for linux-2.6 options for better results :
make TARGET=linux2628 USE_OPENSSL=1
All,
A small howto to play with it can be found here:
http://blog.exceliance.fr/2012/09/04/howto-ssl-native-in-haproxy/
cheers
On Tue, Sep 04, 2012 at 05:56:14PM +1000, Duncan Hall wrote:
On 04/09/12 09:37, Willy Tarreau wrote:
Have a lot of fun and please report your success/failures,
Willy
Small issue when compiling on CentOS 5.8 64bit against RPM versions of
openssl-devel and
Congratulations Willy and Team...
On Tue, Sep 4, 2012 at 3:59 PM, Willy Tarreau w...@1wt.eu wrote:
On Tue, Sep 04, 2012 at 05:56:14PM +1000, Duncan Hall wrote:
On 04/09/12 09:37, Willy Tarreau wrote:
Have a lot of fun and please report your success/failures,
Willy
Small issue
Hi, Willy
Thanks for this long time expected feature !
Have a lot of fun and please report your success/failures,
There is an include issue in this snapshot on FreeBSD (witch is not I
think ssl related) :
gmake TARGET=freebsd USE_OPENSSL=1
gcc -Iinclude -Iebtree -Wall -O2 -g
Hi Joris,
On Tue, Sep 04, 2012 at 01:45:29PM +0200, joris dedieu wrote:
Hi, Willy
Thanks for this long time expected feature !
Have a lot of fun and please report your success/failures,
There is an include issue in this snapshot on FreeBSD (witch is not I
think ssl related) :
(...)
improve
their cache management before this can become a default build option.
Enough speaking, for those who want to test or even have the hardware to
run more interesting benchmarks, the code was merged into the master
branch and is in today's snapshot (20120904) here :
http://haproxy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On 04/Sep - 01:37, Willy Tarreau w...@1wt.eu wrote:
| Have a lot of fun and please report your success/failures,
| Willy
Thanks a lot for this useful feature. It works well on a dual PPC64 Linux
server.
I wrote a small path to add the
Emeric reported that the build fails without USE_OPENSSL, which is caused
by a last-minute change I did yesterday evening. It shows up as ssl_cert
not being part of a structure.
If you get this, please use the attached patch.
Regards,
Willy
From ff9f7698fcefef66bceb1ec32a3da8b14947a594 Mon Sep
Hi Lukas,
On Tue, Sep 04, 2012 at 03:05:14PM +0200, Lukas Tribus wrote:
Willy, this is huge! Great, great work!
A few comments/questions:
- are you running latest and greatest openssl on demo.1wt.eu? I am asking
because Secure Renegotiation doesn't seem to be supported [1]. Older
Hi David,
On Tue, Sep 04, 2012 at 03:15:13PM +0200, David BERARD wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On 04/Sep - 01:37, Willy Tarreau w...@1wt.eu wrote:
| Have a lot of fun and please report your success/failures,
| Willy
Thanks a lot for this useful feature. It
Point taken. However, it's important to know that SSL uses the negative form,
which is why I preferred to use the same one. You have options to *disable*
use of V2/V3/TLS, not to enable them. Thus I find it more durable to stay on
the same logics because if openssl 1.2 comes with support for
On Tue, Sep 04, 2012 at 04:12:43PM +0200, Lukas Tribus wrote:
However if we see a much higher performance level by using the native API,
we'd probably write a 3rd data layer dedicated to yassl, and would probably
rename the current SSL data layer so that we can choose the one we want at
Great ! Thanks to the team ! :-)
2012/9/4 Willy Tarreau w...@1wt.eu
On Tue, Sep 04, 2012 at 04:12:43PM +0200, Lukas Tribus wrote:
However if we see a much higher performance level by using the native
API,
we'd probably write a 3rd data layer dedicated to yassl, and would
probably
On Tuesday, September 04, 2012 08:41:44 AM Willy Tarreau wrote:
On Mon, Sep 03, 2012 at 11:21:51PM -0700, Justin Karneges wrote:
On Tuesday, September 04, 2012 01:37:17 AM Willy Tarreau wrote:
After several months of efforts by the Exceliance team, we managed to
rework all the buffer and
Hi,
In fact when I say yassl, I really mean CyaSSL.
Ok, great.
A few more comments about (C)yassl:
- development of new features is obviously not as fast as in OpenSSL. For
example TLS SNI is not supported yet (ETA: next release) [1]. This feature
was introduced in 2007 (0.9.8f)
25 matches
Mail list logo