Hi Nenad,

>> Well, it's not supposed to look like this, there is clearly something
>> wrong. Master key fluctuates between the requests with TLS tickets
>> and the reuse column shows failure.
>
> Looks like a haproxy bug, I think I can reproduce it.
>
> Can you try with EXACTLY 3 keys in /tmp/tls_ticket_keys?


There seems to be a bug in the handling of the tls-ticket-keys file.

When there are 5 or more ticket keys in the file, clients using TLS tickets
can no longer resume the TLS session (and fall back to full negotiation):

https://gist.github.com/anonymous/6ec7c863f497cfd849a4


Workaround would be to remove the oldest key from the file, so
that the number of keys in the file remains below 5.



cheers,

Lukas
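
The workaround above, written out as a key-file maintenance script. This is an added example, not part of the original message or of HAProxy. It assumes the file holds one base64-encoded 48-byte key per line with the oldest key first, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep a tls-ticket-keys file below 5 keys.
# Assumed layout: one base64-encoded 48-byte key per line, oldest first.
MAX_KEYS=4                        # workaround from the thread: fewer than 5
KEY_RE='^[A-Za-z0-9+/]{64}$'      # 48 bytes = 64 base64 chars, no padding

# rewrite_keys FILE [NEW_KEY]: validate FILE, optionally append NEW_KEY,
# keep only the newest MAX_KEYS lines, then replace FILE atomically.
rewrite_keys() {
    file=$1
    new=${2:-}
    # Refuse to touch the file if any non-empty line is not a well-formed key.
    if grep -v '^$' "$file" | grep -Evq "$KEY_RE"; then
        echo "malformed key line in $file, not modifying it" >&2
        return 1
    fi
    # Temp file in the same directory (mode 0600) so mv is an atomic rename.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    {
        grep -v '^$' "$file" || true
        if [ -n "$new" ]; then printf '%s\n' "$new"; fi
    } | tail -n "$MAX_KEYS" > "$tmp"
    mv "$tmp" "$file"
}

# trim_ticket_keys FILE: drop the oldest keys until at most MAX_KEYS remain.
trim_ticket_keys() {
    rewrite_keys "$1"
}

# rotate_ticket_keys FILE: append a fresh random key and drop the oldest
# ones in the same step, so the file never reaches 5 keys.
rotate_ticket_keys() {
    key=$(head -c 48 /dev/urandom | base64 | tr -d '\n') || return 1
    printf '%s\n' "$key" | grep -Eq "$KEY_RE" || return 1
    rewrite_keys "$1" "$key"
}

# Usage (path taken from the thread):
#   trim_ticket_keys /tmp/tls_ticket_keys
#   rotate_ticket_keys /tmp/tls_ticket_keys
```
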
