Hi again,
2016-03-24 21:15 GMT+01:00 Lukas Tribus <luky...@hotmail.com>: > Hi Nenad, > > > >> Well, its not supposed to look like this, there is clearly something > >> wrong. Master key fluctuates between the requests with TLS tickets > >> and the reuse collumn shows failure. > > > > Looks like a haproxy bug, I think I can reproduce it. > > > > Can you try with EXACTLY 3 keys in /tmp/tls_ticket_keys? > Tried and now behaviour is like expected ! https://gist.github.com/anonymous/779fbc4f1cf8b23e9b1f And, I can confirm that now, CPU is not doubled \o/ > there seems to be a bug in the handling of the tls-ticket-keys file. > > When there are 5 or more ticket keys in the file, clients using TLS tickets > can no longer resume the TLS session (and fallback to full negotiation): > > https://gist.github.com/anonymous/6ec7c863f497cfd849a4 > > > Workaround would be to remove the oldest key from the file, so > that the number of keys in the file remains below 5. > That's what I did : keep last 2 keys and add a new one. Olivier
