Hello, I upgraded to HAProxy 2.0.5 (from 1.9) and found an issue when i tried to add retry-on option. TCP backend seems to answer to one or two requests and then crash HAProxy:
My simplified conf: defaults [...] retries 3 option abortonclose http-reuse safe retry-on conn-failure 0rtt-rejected 503 listen SMTPS2_PROD bind 0.0.0.0:587 mode tcp balance roundrobin server s1 1.1.1.1:586 server s2 1.1.1.2:586 I get in logs: Aug 30 14:48:49 s1 haproxy[3071]: [ALERT] 241/144849 (3071) : Current worker #1 (3072) exited with code 139 (Segmentation fault) With option, i get: └──╼ openssl s_client -connect server:587 -starttls smtp CONNECTED(00000003) Didn't find STARTTLS in server response, trying anyway... write:errno=32 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 23 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) Sow few requests success.. Without option, server is stable: ──╼ openssl s_client -connect server:587 -starttls smtp ^[[A CONNECTED(00000003) [...] --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3843 bytes and written 483 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: yyy Session-ID-ctx: Master-Key: 5xxx PSK identity: None PSK identity hint: None SRP username: None Start Time: 1567167549 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes Louis --- -- Louis Chanouha | Infrastructures informatiques Service Numérique de l'Université de Toulouse Université Fédérale Toulouse Midi-Pyrénées Maison de la Recherche et de la Valorisation - MRV 118 route de Narbonne - 31062 Toulouse Cedex 09 Tél. : +33 5 61 10 80 45 / poste int. : 12 80 45 louis.chano...@univ-toulouse.fr Facebook | Twitter | www.univ-toulouse.fr