Hi,
> haproxy -vv > HA-Proxy version 1.5-dev26-2e85840 2014/05/28 > Copyright 2000-2014 Willy Tarreau <[email protected]<mailto:[email protected]>> > > Build options : > TARGET = linux2628 > CPU = generic > CC = gcc > CFLAGS = -m64 -march=x86-64 -O2 -g -fno-strict-aliasing > OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1 > > Default settings : > maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 > > Encrypted password support via crypt(3): yes > Built with zlib version : 1.2.8 > Compression algorithms supported : identity, deflate, gzip > Built with OpenSSL version : OpenSSL 1.0.2-beta1 24 Feb 2014 > Running on OpenSSL version : OpenSSL 1.0.2-beta1 24 Feb 2014 > OpenSSL library supports TLS extensions : yes > OpenSSL library supports SNI : yes > OpenSSL library supports prefer-server-ciphers : yes > Built with PCRE version : 8.35 2014-04-04 > PCRE library supports JIT : yes > Built with transparent proxy support using: IP_TRANSPARENT > IPV6_TRANSPARENT IP_FREEBIND > > Available polling systems : > epoll : pref=300, test result OK > poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll. I need you to keep CC'ing the mailing list, otherwise no one will see your reply. Why are you compiling OpenSSL and PCRE manually? Are you aware that you are using an unstable OpenSSL release lacking 8 critical CVE fixes? Use your system libs, then you will not only have proper privileges set on the files you need to access (the JIT problem), but also benefit from the security fixes. Regards, Lukas
