CRIME Attack

SSL is now vulnerable to session hijacking in some circumstances. If your site runs SSL/TLS, the compression needs to be off.





Haproxy SSL support

Finally. Haproxy added native SSL support. You could always use stunnel which made for a pretty ugly configuration, though I tended to prefer Nginx, which does a pretty effective job at SSL termination.

In any case, assuming the performance is on par, this is a key new feature in a product which is already a rock solid load balancer and is as good at core functions as any commercial product.




SSL decryption

This is a useful technique. The need to decrypt SSL traffic from packet dumps comes up pretty frequently.



© 2021 Mind End

Theme by Anders NorénUp ↑