> If thats not it, and no old haproxy instances are present after the
> reload, could you compile Vincent's rfc5077-client from [1]:
> Output can be find here
> : https://gist.github.com/anonymous/6ec7c863f497cfd849a4
> (HTTP 500 error is normal, as you are using HEAD / HTTP/1.0 and our web
> servers require a Host header)
Well, its not supposed to look like this, there is clearly something
wrong. Master key fluctuates between the requests with TLS tickets
and the reuse collumn shows failure.
Are there any middleboxes between the server and the client? Can
you try directly on the server so it doesn't leave the box (specifically
it doesn't cross any firewalls or other SSL/TLS intercepting MITM).
Lukas
