On 16 Nov 2010, at 12:27, Willy Tarreau <w...@1wt.eu> wrote:

> Hello,
>
> On Sun, Nov 07, 2010 at 04:15:18PM +0100, Sebastien Estienne wrote:
>> Hello,
>>
>> Is there any news about SSL support?
>
> Yes there are some news, we'll have to work on it at Exceliance.

this is great news, any early timeframe even fuzzy?

>> With current server's hardware having 8 cores or more, offering SSL is
>> quite cheap.
>
> Hehe one thing at a time : haproxy right now only uses one core. Let's
> first have SSL and only then see how we can make use of more cores.
> The really difficult part is to try to use more cores without slowing
> down the overall processing due to very common synchronization. This
> implies massive changes to ensure that there's almost no shared data
> between processes or threads.
>

i thought haproxy could use more than one core with a prefork model like nginx?

>> Moreover with tools like firesheep getting widespread offering SSL to
>> our users become an important feature
>
> Firesheep is doing nothing more than what has been done for decades with
> many other tools. The same people who believe their traffic cannot be
> sniffed by their coworker because they connect via a switch won't care
> about having their SSL session hijacked with an invalid certificate.
>

We all agree with this like irc and newsgroups existed before emule and bittorrent :)
But with easy tools like this we can't "hide" the problem anymore. (like adobe does with rtmpe)

>> I know that it's possible to use stunnel, but it would be better to
>> have SSL support built in haproxy
>
> Yes indeed. At least stunnel already lets us assemble the bricks to
> build whatever we want, even though the configs are sometimes tough !
>
> Regards,
> Willy
>

thanx.