Re: [PATCH] use SSL_CTX_set_ecdh_auto() for ecdh curve selection

2016-04-18 Thread David Martin
On Mon, Apr 18, 2016 at 3:02 PM, Janusz Dziemidowicz <rrapt...@nails.eu.org> wrote: > 2016-04-15 16:50 GMT+02:00 David Martin <dmart...@gmail.com>: >> I have tested the current patch with the HAProxy default, a list of curves, >> a single curve and also an incorrect

Re: [PATCH] use SSL_CTX_set_ecdh_auto() for ecdh curve selection

2016-04-15 Thread David Martin
On Apr 15, 2016 4:24 AM, "Janusz Dziemidowicz" <rrapt...@nails.eu.org> wrote: > > 2016-04-14 17:39 GMT+02:00 David Martin <dmart...@gmail.com>: > > Here's a revised patch, it throws a fatal config error if > > SSL_CTX_set1_curves_list() fails. The def

Re: [PATCH] use SSL_CTX_set_ecdh_auto() for ecdh curve selection

2016-04-14 Thread David Martin
Here's a revised patch, it throws a fatal config error if SSL_CTX_set1_curves_list() fails. The default ecdhe option is used so current configurations should not be impacted. Sorry Janusz, forgot the list on my reply. On Thu, Apr 14, 2016 at 10:37 AM, David Martin <dmart...@gmail.com>

[PATCH] use SSL_CTX_set_ecdh_auto() for ecdh curve selection

2016-04-13 Thread David Martin
This is my first attempt at a patch, I'd love to get some feedback on this. Adds support for SSL_CTX_set_ecdh_auto which is available in OpenSSL 1.0.2. From 05bee3e95e5969294998fb9e2794ef65ce5a6c1f Mon Sep 17 00:00:00 2001 From: David Martin <dmart...@gmail.com> Date: Wed, 13 Apr 2016 15

Re: Reloading haproxy without dropping connections

2016-01-22 Thread David Martin
We use the iptables syn drop method, works fine; the additional 1 sec in response time for the tiny number of new connections doesn't bother us as we are not restarting multiple times per hour. On Fri, Jan 22, 2016 at 11:01 AM, CJ Ess wrote: > The yelp solution I can't do

responses from disabled servers

2015-10-15 Thread David Martin
I just want to say first of all that haproxy is incredibly useful and I've enjoyed working with it tremendously. Thank you! My question is if a server is disabled because of a failed http health check and there are requests in flight, will the requests from the disabled app be returned to the