Hi Lukas, Thank you! This really seems to be the case. Did many tests and tcpdumps - TLS session tickets are being exchanged.
If I align the browser to SSLv3, only it works. Thanks and Best Regards, Volker // On Mon, Apr 14, 2014 at 12:20:33PM +0200, // Lukas Tribus <[email protected]> wrote: > > > Hi Volker, > > > > Sometimes, the Serverhello/Clienthello contains an empty session ID. > > Is it possible that HAProxy has problems with this behaviour? > > If there is no session id, HAproxy can't fix the session to a server. > > > > > Any idea? > > There is a good chance that your backend supports both SSL session > resumption *and* TLS tickets. In case TLS tickets hops in, SSL session > will not be used and HAProxy therefor can't stick to the correct > server. > > Disabling TLS Tickets on your backend could fix that particular issue. > > > > > Regards, > > Lukas > >
