Re: Some compilation SSL errors/warnings on debian testing

2017-03-16 Thread Emeric Brun
On 03/15/2017 07:06 PM, Willy Tarreau wrote: > Hi Manu, > > On Wed, Mar 15, 2017 at 07:00:28PM +0100, Emmanuel Hocdet wrote: >>> ssl_options seems still valid, all directives can be mapped to it and keep >>> compatibility. >>> >> >> Patch proposal: > > Maybe it could work, let's wait for

Re: [PATCHES] Add support for LibreSSL 2.5.1

2017-03-16 Thread Emmanuel Hocdet
Hi Piotr, On 16 March 2017 at 09:48, Piotr Kubaj wrote: Thanks for the patch! Looks good to me, works fine with Haproxy and LibreSSL 2.5.1. great Willy, can you merge these two patches? They fix boringssl and libressl build issues. Piotr, these patches should minimise your patch for

Re: Some compilation SSL errors/warnings on debian testing

2017-03-16 Thread Emmanuel Hocdet
Hi Emeric, > On 16 March 2017 at 14:44, Emeric Brun wrote: > > I'm clearly not sure that setting openssl's options to ~no-tlsxx has the > same behavior as forcing the callback sets (using force-) to one protocol. > > I always suspected that no-tlsxx options applies on a

Re: Considering HAProxy to Bump TLS 1.1 Traffic to TLS 1.2

2017-03-16 Thread Lukas Tribus
Hello Ryan, On 16.03.2017 at 17:02, Ryan Collier wrote: We have a legacy application that can only use TLS 1.1 due to the version of Java it supports (1.6). We connect to a third party for credit card authorizations, and they are going to be upgrading their web services endpoint to only

Considering HAProxy to Bump TLS 1.1 Traffic to TLS 1.2

2017-03-16 Thread Ryan Collier
Hello, We have a legacy application that can only use TLS 1.1 due to the version of Java it supports (1.6). We connect to a third party for credit card authorizations, and they are going to be upgrading their web services endpoint to only accept TLS 1.2 traffic sometime over the Summer. We

Re: Some compilation SSL errors/warnings on debian testing

2017-03-16 Thread Emeric Brun
Hi Manu, On 03/16/2017 02:44 PM, Emeric Brun wrote: > On 03/15/2017 07:06 PM, Willy Tarreau wrote: >> Hi Manu, >> >> On Wed, Mar 15, 2017 at 07:00:28PM +0100, Emmanuel Hocdet wrote: ssl_options seems still valid, all directives can be mapped to it and keep compatibility. >>> >>>

issues with ALPN and h2 on frontend

2017-03-16 Thread Matt Jamison
I compiled openssl 1.0.2k, then compiled haproxy 1.7.3 against it but alpn and h2 just seem to not be working right. [root@proxy01 ~]# haproxy -vv HA-Proxy version 1.7.3 2017/02/28 Copyright 2000-2017 Willy Tarreau Build options : TARGET = linux2628 CPU = generic CC

tcp load balancing based on user information in client data

2017-03-16 Thread Swapnil Dubey
Hi All, Currently we are using HAProxy on AWS in TCP proxy mode to cater some non http traffic in round-robin fashion. We are migrating our service to some other service provider. We are planning to migrate users in chunks. We want the load balancing solution based upon the user information so

Re: issues with ALPN and h2 on frontend

2017-03-16 Thread Georg Faerber
Hi Matt, On 17-03-16 12:00:46, Matt Jamison wrote: > When I have alpn and h2 set on the bind line, no requests can get past > the frontend. I disabled all back ends so that at least the 503 error > page I have set would come up but no go. > > [...] > > Am I doing something wrong? This currently

HaProxy X-Frame-Options with SAMEORIGIN & ALLOW-FROM

2017-03-16 Thread Devendra Joshi
Hi All, I want to set X-Frame-Options to SAMEORIGIN, but it should be iframed or accessed by one of our subdomain websites. That means I want to allow www.abc.com from oms.abc.com. Does anyone know how to set X-Frame-Options with SAMEORIGIN & ALLOW-FROM in HaProxy? I added one setting in haproxy config file

Re: HaProxy X-Frame-Options with SAMEORIGIN & ALLOW-FROM

2017-03-16 Thread Jarno Huuskonen
Hi, On Thu, Mar 16, Devendra Joshi wrote: > Does anyone know how to set X-Frame-Options with SAMEORIGIN & ALLOW-FROM in > HaProxy > > I added one setting in haproxy config file but showing error. > > acl main_site req.hdr(Host) http://www.abc.com > http-response add-header X-Frame-Options:\

Re: HaProxy X-Frame-Options with SAMEORIGIN & ALLOW-FROM

2017-03-16 Thread Devendra Joshi
Hi Jarno Thanks for your reply. I have added following lines in frontend acl main_site req.hdr(Host) -i http://www.abc.com http-response add-header X-Frame-Options ALLOW-FROM\ http://oms.naaptol.com if main_site http-response add-header X-Frame-Options SAMEORIGIN if !

Re: HaProxy X-Frame-Options with SAMEORIGIN & ALLOW-FROM

2017-03-16 Thread Jarno Huuskonen
Hi, On Thu, Mar 16, Devendra Joshi wrote: > acl main_site req.hdr(Host) -i http://www.abc.com Host headers don't usually have http:// (or https://) (or did email mailer add the http://). Usually I use hdr_dom(Host) -i www.abc.com > http-response add-header X-Frame-Options

Re: HaProxy X-Frame-Options with SAMEORIGIN & ALLOW-FROM

2017-03-16 Thread Thomas Heil
Hi, On 16.03.2017 08:51, Jarno Huuskonen wrote: > Hi, > > On Thu, Mar 16, Devendra Joshi wrote: >> Does anyone know how to set X-Frame-Options with SAMEORIGIN & ALLOW-FROM in >> HaProxy >> >> I added one setting in haproxy config file but showing error. >> >> acl main_site req.hdr(Host)

Re: Haproxy ssl with nginx backend problem.....

2017-03-16 Thread Pavlos Parissis
On 16/03/2017 09:21 AM, 何智声 wrote: > at first thank you read this email,and you help! > i have problem for haproxy settings, > this is my haproxy.cfg settings > > frontend > Inline image 3 > backend > Inline image 2 > Inline image 1 > what happen on it and how to fix this error..thank you!!! I am sorry but I

[PATCH] BUG: payload: fix payload not retrieving arbitrary lengths

2017-03-16 Thread Felipe Guerreiro Barbosa Ruiz
This fixes a regression introduced in d7bdcb874bcb, that removed the ability to use req.payload(0,0) to read the whole buffer content. The offending commit is present starting in version 1.6, so the patch should be backported to versions 1.6 and 1.7. --- src/payload.c | 2 +- 1 file changed, 1

Re: issues with ALPN and h2 on frontend

2017-03-16 Thread Matt Jamison
So from what I can find, mode http and alpn h2 are not supported together? alpn h2 is only supported with mode tcp? I get no errors with my config, so I don't know what is unsupported. I need mode http so I can insert cookies and do other things not supported in mode tcp. If someone could give

Re: Haproxy ssl with nginx backend problem.....

2017-03-16 Thread Cyril Bonté
Hi, > From: "何智声" > To: haproxy@formilux.org > Sent: Thursday 16 March 2017 09:21:59 > Subject: Haproxy ssl with nginx backend problem. > > > at first thank you read this email,and you help! > i have problem for haproxy settings, > this is my haproxy.cfg settings > > >

Re: OpenSSL engine and async support

2017-03-16 Thread Emeric Brun
Hi Grant, On 03/15/2017 06:20 PM, Grant Zhang wrote: > Hi Emeric >> On Mar 15, 2017, at 10:05, Emeric Brun wrote: >> >> Hi John, >> There are some inconsistencies between the engine and the used client: here the conf: global

Re: issues with ALPN and h2 on frontend

2017-03-16 Thread Lukas Tribus
Hi Matt, On 16.03.2017 at 21:29, Matt Jamison wrote: So from what I can find, mode http and alpn h2 are not supported together? That's not it. HTTP/2 is not supported in any haproxy release, period. The fact that you can tunnel arbitrary TCP payload through haproxy, while TLS terminating