Thursday, July 02, 2020

Re: Relayd with TLS and non-TLS backends - bug

On Thu, 2 Jul 2020 14:00:48 -0400, Henry Bonath <henry@thebonaths.com>
wrote:

> Note the missing Client Hello on the 6.7 machine as it jumps to
> Application Data straight away.
> Configuration files for HAProxy are identical on both systems.
>
> I'm currently spinning up a machine on -CURRENT just to see if there
> is any difference,
> as there is a newer version of HAProxy in packages under Snapshots.
>
> I was initially going to try to reach out to the package maintainer
> for HAProxy but if this is happening in Relayd, then this "feels
> like" a de-facto bug. I wonder if NGINX would exhibit the same
> behavior.
>
> Has anyone else experienced such behavior with Load-Balancing TLS
> Backends since upgrading to 6.7?

I don't use TLS for my backend (the only backend I use nowadays is on
localhost) so I can't speak for 6.7 (I only use -current, and when
-current was 6.7, I didn't test that).

I just tested my -current haproxy using another -current host of mine
running nginx as a backend with TLS and it worked fine.

backend https
    option forwardfor
    server web1 ln.chown.me:443 check ssl verify none

and also with "verify required ca-file /etc/ssl/cert.pem"


Maybe some libressl fix that happened on -current was not deemed critical
enough to be backported to 6.7?

Cheers,
Daniel
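
An added example, not part of the original thread: a small Python check for the symptom quoted above. Given the client-to-server bytes of one backend connection exported from a capture, it reports whether the first TLS record is a handshake record carrying a ClientHello. The sample byte strings are constructed and the function names are this example's own.

```python
import struct

# TLS record content types (RFC 8446, section 5.1).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
CLIENT_HELLO = 1  # handshake message type for ClientHello


def tls_records(stream: bytes):
    """Yield (content type name, handshake msg type or None, length) per record."""
    off = 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header at offset %d" % off)
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, off)
        # Every TLS version uses major version 3 in the record header.
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError("not a TLS record at offset %d" % off)
        body = stream[off + 5:off + 5 + length]
        if len(body) < length:
            raise ValueError("truncated record body at offset %d" % off)
        # Only an unencrypted handshake record exposes its message type.
        hs_type = body[0] if ctype == 22 and body else None
        yield CONTENT_TYPES[ctype], hs_type, length
        off += 5 + length


def starts_with_client_hello(stream: bytes) -> bool:
    """True if the first record is a handshake record carrying a ClientHello."""
    try:
        name, hs_type, _ = next(tls_records(stream))
    except (ValueError, StopIteration):
        return False  # empty, truncated, or not TLS at all
    return name == "handshake" and hs_type == CLIENT_HELLO


# Constructed samples (not taken from the thread's captures).
# Handshake record whose first message is type 1; the body is cut to 2 bytes.
SAMPLE_HANDSHAKE_FIRST = bytes([22, 3, 1, 0, 6, 1, 0, 0, 2, 3, 3])
# Stream that opens directly with an application_data record.
SAMPLE_APPDATA_FIRST = bytes([23, 3, 3, 0, 4]) + b"\x00" * 4

if __name__ == "__main__":
    for label, data in (("handshake first", SAMPLE_HANDSHAKE_FIRST),
                        ("application data first", SAMPLE_APPDATA_FIRST)):
        print(label, [r[0] for r in tls_records(data)],
              starts_with_client_hello(data))
```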
