Fwd: [haproxy/haproxy] BUG/MAJOR: server: Segfault after parsing server state file. (0bedb8a)

2018-05-22 Thread Tim Düsterhus
Hi list the following comment has been posted to GitHub on commit 0bedb8ac90ffdf1498a999c44d1c91556fb726ee https://github.com/haproxy/haproxy/commit/0bedb8ac90ffdf1498a999c44d1c91556fb726ee#commitcomment-29087381 Best regards Tim Düsterhus Forwarded message Subject:

Re: DNS resolver + threads, 100% cpu usage / hang 1.9dev

2018-05-22 Thread PiBa-NL
Hi Olivier, On 22-5-2018 at 18:46, Olivier Houchard wrote: Hi Pieter, Does the attached patch fix it for you ? It's been generated from master, but will probably apply against 1.8 as well. Thanks ! Olivier Patch works for me (on master, didn't try with 1.8). Or at least i'm running the

Re: [PATCH] lua & threads

2018-05-22 Thread Willy Tarreau
Hi Thierry, On Mon, May 21, 2018 at 07:58:01PM +0200, Thierry Fournier wrote: > Hi, > > You will two patches in attachment. > > - The first fix some Lua error messages thanks, I've merged this one already. > - The second fix a build error. This second should be reviewed because, I'm > not

Re: [RFC PATCH] MINOR: ssl: set SSL_OP_PRIORITIZE_CHACHA

2018-05-22 Thread Willy Tarreau
On Tue, May 22, 2018 at 04:28:38PM +0200, Emeric Brun wrote: > Hi Lukas, Willy, > > On 05/18/2018 05:55 PM, Lukas Tribus wrote: > > Sets OpenSSL 1.1.1's SSL_OP_PRIORITIZE_CHACHA unconditionally, as per [1]: > > > > When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize > >

Re: DNS resolver + threads, 100% cpu usage / hang 1.9dev

2018-05-22 Thread Olivier Houchard
Hi Pieter, On Sun, May 20, 2018 at 02:07:43AM +0200, PiBa-NL wrote: > Hi List, > > With 1.8.8 ran into this, tried latest 1.9dev snapshot seems to have the > same issue.. > > Running with 3 threads, a template for 8 servers, and only 2 ip's in the dns > response, neither of which is actually

Re: Dynamically adding/deleting SSL certificates

2018-05-22 Thread Emeric Brun
Hi Aurélien On 05/18/2018 11:07 AM, Aurélien Nephtali wrote: > Hello, > > On Wed, Apr 18, 2018 at 9:34 PM, Aurélien Nephtali > wrote: >> Hello, >> >> I have some patches to support dynamically loading and unloading PEM >> certificates through the CLI. It is mainly a

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-05-22 Thread Sander Hoentjen
On 05/22/2018 04:19 PM, Emeric Brun wrote: > Hi Sander, > > On 05/22/2018 02:04 PM, Sander Hoentjen wrote: >> On 05/22/2018 12:04 PM, Lukas Tribus wrote: >>> Hello, >>> >>> On 22 May 2018 at 11:48, Sander Hoentjen wrote: I did, but I still experience the same issues. What

Re: [RFC PATCH] MINOR: ssl: set SSL_OP_PRIORITIZE_CHACHA

2018-05-22 Thread Emeric Brun
Hi Lukas, Willy, On 05/18/2018 05:55 PM, Lukas Tribus wrote: > Sets OpenSSL 1.1.1's SSL_OP_PRIORITIZE_CHACHA unconditionally, as per [1]: > > When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize > ChaCha20-Poly1305 ciphers to the top of the server cipher list if a >

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-05-22 Thread Emeric Brun
Hi Sander, On 05/22/2018 02:04 PM, Sander Hoentjen wrote: > On 05/22/2018 12:04 PM, Lukas Tribus wrote: >> Hello, >> >> On 22 May 2018 at 11:48, Sander Hoentjen wrote: >>> I did, but I still experience the same issues. What is your exact >>> haproxy version you tested with?

SNI matching issue when hostname ends with trailing dot

2018-05-22 Thread Warren Rohner
Hi HAProxy list We use an HAProxy 1.7.11 instance to terminate SSL and load balance 100+ websites. The simplified bind line below specifies a default cert (i.e. secure.example.com.pem) as required in this HAProxy version, and a directory path to all other certs (i.e. ./): bind

Re: BUG: ssl: regression with openssl 1.1.1 when using <= TLSv1.2

2018-05-22 Thread Lukas Tribus
Hello Emeric, On 22 May 2018 at 14:44, Emeric Brun wrote: > Hi Lukas, > > I've just made some tests using openssl-1.1.1-pre6 and can't reproduce the > issue. > > here my simple configuration: > frontend my > mode http > bind :443 ssl crt default strict-sni >

Re: BUG: ssl: regression with openssl 1.1.1 when using <= TLSv1.2

2018-05-22 Thread Emeric Brun
Hi Lukas, I've just made some tests using openssl-1.1.1-pre6 and can't reproduce the issue. here my simple configuration: frontend my mode http bind :443 ssl crt default strict-sni redirect location / (default certificate CN is aloha) I've tested with

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-05-22 Thread Sander Hoentjen
On 05/22/2018 12:04 PM, Lukas Tribus wrote: > Hello, > > On 22 May 2018 at 11:48, Sander Hoentjen wrote: >> I did, but I still experience the same issues. What is your exact >> haproxy version you tested with? Mine is 1.8.8 >> Built with OpenSSL version : OpenSSL 1.1.1-pre6

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-05-22 Thread Lukas Tribus
Hello, On 22 May 2018 at 11:48, Sander Hoentjen wrote: > I did, but I still experience the same issues. What is your exact > haproxy version you tested with? Mine is 1.8.8 > Built with OpenSSL version : OpenSSL 1.1.1-pre6 (beta) 1 May 2018 > Running on OpenSSL version :

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-05-22 Thread Sander Hoentjen
On 05/19/2018 04:55 PM, Lukas Tribus wrote: > Hello, > > > On 19 April 2018 at 11:09, Sander Hoentjen wrote: >> I just tried 1.1.1-pre5, and I still have the same issue. > I'm running 1.1.1-pre6 now with good results. You may want to check that out. I did, but I still

SSL certs loading performance regression

2018-05-22 Thread Hervé Commowick
Hello HAProxy ML, I tracked down a performance regression about loading bunch of certificates, at least 3x to 5x more time for loading 10 certs since this commit http://git.haproxy.org/?p=haproxy-1.8.git;a=commitdiff;h=f6b37c67be277b5f0ae60438d796ff29ef19be40 This regression is 1.8 specific,