Haproxy core-dumps on Solaris/SPARC

2017-04-28 Thread Jonathan S. Fisher
Hello gentlemen, I was advised to send this your way (http://discourse.haproxy.org/t/haproxy-core-dumps-on-solaris-sparc/1197/2). This is probably an issue with the way I'm compiling it (which is here: https://pastebin.com/htEZTwBM) but I'm getting an immediate core dump when running haproxy

Re: Lua Applet Unable to Add Connection: close Header

2017-04-28 Thread Thierry Fournier
Hi. When we use an applet, haproxy negotiates the connection (HTTP version / keepalive). So if the keepalive is enabled and it is accepted by the client, haproxy uses keepalive and removes the header close. If you don't want keepalive, remove it from the haproxy configuration. Thierry Le 27 avril

[RFC-PATCH] MINOR: ssl: add prefer-server-ciphers again

2017-04-28 Thread Lukas Tribus
Currently we unconditionally set SSL_OP_CIPHER_SERVER_PREFERENCE [1], which may not always be a good thing. The benefit of server side cipher prioritization may not apply to all cases out there, and it appears that the various SSL libs are going away from this recommendation ([2], [3]), as

Re: [Patches] TLS methods configuration reworked

2017-04-28 Thread Emmanuel Hocdet
> On 28 Apr 2017, at 16:51, Emeric Brun wrote: > > Hi Manu, > >>> >> >> yes, i delayed this change (lack of time). >> last patch with 'ssl-min-ver' and 'ssl-max-ver' with argument SSLv3, >> TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 >> >> Manu >> >> > > Could you please

Re: [Patches] TLS methods configuration reworked

2017-04-28 Thread Emmanuel Hocdet
Hi Emeric, Willy Up the thread with a compatible configuration view. 1) force-xx force-tlsv12 no-tlsv12 old: do a force-tlsv12 (no-xx ignored without warning) new: warning "all SSL/TLS versions are disabled" It’s not a good configuration, but… It can be changed with: . no-xx ignored when

Re: [Patches] TLS methods configuration reworked

2017-04-28 Thread Emeric Brun
Hi Manu, >> > > yes, i delayed this change (lack of time). > last patch with 'ssl-min-ver' and 'ssl-max-ver' with argument SSLv3, > TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 > > Manu > > Could you please rebase your patch set on the master and split them by features. The latest feature seems

[PATCH] doc: update RFC references

2017-04-28 Thread Lukas Tribus
--- A few doc and code comment updates bumping RFC references to the new ones. --- doc/configuration.txt | 12 ++-- include/common/defaults.h | 2 +- include/proto/proto_http.h | 2 +- include/types/proto_http.h | 4 ++-- src/haproxy.c | 4 ++-- src/proto_http.c

HAProxy 1.7.5 forwards requests blockwise

2017-04-28 Thread Daniel Heitepriem
Hello everyone, we are currently evaluating HAProxy 1.7.5 as a load balancer for one of our applications. To try out how it is performance wise on Solaris 11 we set up a small test environment of three zones containing: 1x HAProxy zone using this config (https://pastebin.com/pRkS1awt) 2x

Re: OpenSSL engine and async support

2017-04-28 Thread Emeric Brun
Hi Grant, >>> >> >> I've made a POC of a soft async engine. Based on dasync engine it launches a >> thread on priv_rsa_enc to spread the load on multiple cores. >> >> Regarding openssl s_server it is efficient and scales very well depending on the >> number of cores (1700 rsa2048/s on one core, 7400

Automatic Certificate Switching Idea

2017-04-28 Thread Daniel Schneller
Hello! I am managing a few haproxy instances that each manage a good number of domains and do the TLS termination on behalf of what you might call “hosted” sites. Most of the clients connecting to these haproxys implement certificate pinning and verify that the certificate presented by the