> Ok, when you say CPU usage double do you mean the CPU usage after > a reload/restart, or do you mean CPU usage in general (even after not > reloading haproxy)? > CPU is at 100% just after reload for more than 30s (was a few seconds > before) and then CPU usage stays doubled all the time.
Ok, so it looks like resumption doesn't work at all with TLS tickets. Are you sure the haproxy reload works fine - no old haproxy instances run in the background serving obsolete TLS keys? There have been some bugs with reloading haproxy, fixed in 1.6.4. If thats not it, and no old haproxy instances are present after the reload, could you compile Vincent's rfc5077-client from [1]: git clone https://github.com/vincentbernat/rfc5077.git cd rfc5077 make rfc5077-client ./rfc5077-client -4 <server> Make sure you have the dependencies installed from the github page (mainly libssl-dev and pkg-config). cheers, Lukas [1] https://github.com/vincentbernat/rfc5077
