Category Archives: ssl

HAProxy and sslv3 poodle vulnerability

SSLv3 poodle vulnerability Yesterday, Google security researchers have disclosed a new vulnerability on SSL protocol. Fortunately, this vulnerability is only on an old version of the SSL protocol: SSLv3 (15 years old protocol). An attacker can force a browser to … Continue reading

Posted in HAProxy, security, ssl | Tagged , , , , | 7 Comments

How to protect application cookies while offloading SSL

SSL offloading SSL offloading or acceleration is often seen as a huge benefit for applications. People usually forget that it may have impacts on the application itself. Some times ago, I wrote a blog article which lists these impacts and … Continue reading

Posted in HAProxy, security, ssl | 1 Comment

Configuring HAProxy and Nginx for SPDY

Introduction to SPDY / HTTP-bis SPDY is a protocol designed by google which aims to fix HTTP/1.1 protocol weaknesses and to adapt this 14 years old protocol to today’s internet devices and requirements. Back in 1999, when HTTP/1.1 was designed, … Continue reading

Posted in architecture, HAProxy, layer7, ssl | Tagged , , , , | 1 Comment

SSL Client certificate information in HTTP headers and logs

HAProxy and SSL HAProxy has many nice features when speaking about SSL, despite SSL has been introduced in it lately. One of those features is the client side certificate management, which has already been discussed on the blog. One thing … Continue reading

Posted in Aloha, HAProxy, ssl | Tagged , , , , , , , , | Leave a comment

SSL offloading impact on web applications

SSL Offloading Nowadays, it is common (and convenient) to use the Load-Balancer SSL capabilities to cypher/uncypher traffic from clients to the web application platform. Performing SSL at the Load-Balancer Layer is called “SSL offloading“, because you offload this process from … Continue reading

Posted in Aloha, architecture, HAProxy, ssl | Tagged , , , | 8 Comments

Mitigating the SSL Beast attack using the ALOHA Load-Balancer / HAProxy

The beast attack on SSL isn’t new, but we have not yet published an article to explain how to mitigate it with the ALOHA or HAProxy. First of all, to mitigate this attack, you must use the Load-Balancer as the … Continue reading

Posted in Aloha, exchange 2010, Exchange 2013, HAProxy, security, ssl | Tagged , , , | 2 Comments

SSL Client certificate management at application level

HAProxy and SSL The history of SSL in HAProxy is very short: around one month ago, we announced the ability for HAProxy to offload SSL from the servers. HAProxy SSL stack comes with some advanced features like TLS extension SNI. … Continue reading

Posted in Aloha, architecture, HAProxy, layer7, security, ssl | Tagged , , , , , , | 22 Comments