Hi Olivier, The `retry-on 0rtt-rejected` will only work in tcp mode, is that possible to let it work in http mode too?
On Mon, May 6, 2019 at 4:37 AM Olivier Houchard <ohouch...@haproxy.com> wrote: > > Hi Igor, > > On Mon, May 06, 2019 at 12:26:33AM +0800, Igor Pav wrote: > > Hi, Olivier, thanks for the effort. So can we force the server always > > to carry data to remote via 0RTT like below scenario(to protect > > http2http in unsecured env)? > > > > listen http -- server default x.x ssl allow-0rtt ----(SSL)---- bind > > x.x ssl allow-0rtt -- http backend > > > > As it is currently, no. Haproxy will never attempt to use 0RTT on server > connections if the client didn't use 0RTT. > 2.0, however, which should be released in a not to distant future, will let > you do that, with the new "retry-on" feature. > > Regards, > > Olivier > >
