Tag Archives: sslid

SSL Client certificate information in HTTP headers and logs

HAProxy and SSL HAProxy has many nice features when speaking about SSL, despite SSL has been introduced in it lately. One of those features is the client side certificate management, which has already been discussed on the blog. One thing … Continue reading

Posted in Aloha, HAProxy, ssl | Tagged , , , , , , , , | Leave a comment

HAProxy log customization

Synopsis One of the strength of HAProxy is its logging system. It is very verbose and provides many information. HAProxy HTTP log line is briefly explained in an HAProxy Technologies memo. It’s a must have document when you have to … Continue reading

Posted in HAProxy, layer7, performance | Tagged , , , , , , | 3 Comments

SSL Client certificate management at application level

HAProxy and SSL The history of SSL in HAProxy is very short: around one month ago, we announced the ability for HAProxy to offload SSL from the servers. HAProxy SSL stack comes with some advanced features like TLS extension SNI. … Continue reading

Posted in Aloha, architecture, HAProxy, layer7, security, ssl | Tagged , , , , , , | 22 Comments

How to get SSL with HAProxy getting rid of stunnel, stud, nginx or pound

Update: HAProxy can now handle SSL client certificate: SSL Client certificate management at applicationĀ level History HAProxy is well know for its performance as a reverse-proxy and load-balancer and is widely deployed on web platforms where performance matters. It is sometimes … Continue reading

Posted in HAProxy, layer7, ssl | Tagged , , , , , , | 65 Comments

HOWTO SSL native in HAProxy

IMPORTANT NOTE: this article has been outdated since HAProxy-1.5-dev12 has been released (10th of September). For more information about SSL inside HAProxy. please read: How to get SSL with HAProxy getting rid of stunnel, stud, nginx orĀ pound Synopsis Since yesterday … Continue reading

Posted in HAProxy, layer7, ssl | Tagged , , , , , , | 28 Comments

Enhanced SSL load-balancing with Server Name Indication (SNI) TLS extension

Synopsis Some time ago, we wrote an article which explained how to load-balance SSL services, maintaining affinity using the SSLID. The main limitation of this kind of architecture is that you must dedicate a public IP address and port per … Continue reading

Posted in architecture, HAProxy, optimization, ssl | Tagged , , , , , | 16 Comments

Scaling out SSL

Synopsis We’ve seen recently how we could scale up SSL performance. But what about scaling out SSL performance? Well, thanks to Aloha and HAProxy, it’s easy to manage smartly a farm of SSL accelerator servers, using persistence based on the … Continue reading

Posted in benchmark, optimization, ssl | Tagged , , , | 8 Comments