Haproxy support for handling concurrent requests from different clients

2018-05-10 Thread Mihir Shirali
Hi Team, We have haproxy installed on a server which is being used primarily for front ending TLS. After session establishment it sets certain headers in the http request and forwards it to the application in the backend. The back end application is a tftp server and hence it can receive requests

Re: Haproxy support for handling concurrent requests from different clients

2018-05-10 Thread Mihir Shirali
cision based on the high number of requests. On Fri, May 11, 2018 at 1:58 AM, Aleksandar Lazic wrote: > Am 10.05.2018 um 18:27 schrieb Mihir Shirali: > > Hi Team, > > > > We have haproxy installed on a server which is being used primarily for > front > > endin

Re: Haproxy support for handling concurrent requests from different clients

2018-05-11 Thread Mihir Shirali
ote: > Hi Mihir. > > Am 11.05.2018 um 05:57 schrieb Mihir Shirali: > > Hi Aleksandar, > > > > Why do you add http header for a tftp service? > > Do you really mean https://de.wikipedia.org/wiki/Trivial_File_Transfer_ > Protocol > > <https://de.wikipe

Re: Haproxy support for handling concurrent requests from different clients

2018-05-16 Thread Mihir Shirali
Thanks Jamo! This is just what we were looking for! On Tue, May 15, 2018 at 10:17 PM, Jarno Huuskonen wrote: > Hi, > > On Fri, May 11, Mihir Shirali wrote: > > I did look up some examples for setting 503 - but all of them (as you've > > indicated) seem based on

maxsslconn vs maxsslrate

2018-06-06 Thread Mihir Shirali
Hi Team, We use haproxy to front tls for a large number of endpoints, haproxy prcesses the TLS session and then forwards the request to the backend application. What we have noticed is that if there are a large number of connections from different clients - the CPU usage goes up significantly. Thi

Re: maxsslconn vs maxsslrate

2018-06-07 Thread Mihir Shirali
[TRACE] trace On Thu, Jun 7, 2018 at 2:13 PM, Aleksandar Lazic wrote: > Hi Mihir. > > On 07/06/2018 10:27, Mihir Shirali wrote: > >> Hi Team, >> >> We use haproxy to front tls for a large number of endpoints, haproxy >> prcesses the TLS session and

Re: maxsslconn vs maxsslrate

2018-06-07 Thread Mihir Shirali
I'd like to know and understand is why that is the case. I am using nbproc set to 2. On Thu, Jun 7, 2018 at 2:43 PM, Aleksandar Lazic wrote: > On 07/06/2018 14:30, Mihir Shirali wrote: > >> We have a large number of ip phones connecting to this port. They could >> be as lar

Controlling list of "Acceptable CA names"

2017-01-07 Thread Mihir Shirali -X (mshirali - INFOSYS LIMITED at Cisco)
Hi All, We have a scenario where HA proxy might send a large of "Acceptable client certificate CA names" to the client as part of the "Certificate Request" message. What we see on the client side, is that it balks with the following error: >>> TLS 1.2 Alert [length 0002], fatal illegal_paramete