SSL is now vulnerable to session hijacking in some circumstances. If your site runs SSL/TLS, compression needs to be turned off.
http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor/19914#19914
Thoughts on tech and random things I find on the web
Finally, HAProxy has added native SSL support. You could always use stunnel, which made for a pretty ugly configuration, though I tended to prefer Nginx, which does a pretty effective job at SSL termination.
In any case, assuming the performance is on par, this is a key new feature in a product which is already a rock-solid load balancer and is as good at core functions as any commercial product.
http://blog.exceliance.fr/2012/09/04/howto-ssl-native-in-haproxy/
This is a useful technique. The need to decrypt SSL traffic from packet dumps comes up pretty frequently.
http://www.imperialviolet.org/2012/06/25/wireshark.html