@stevelynn wrote:
I have an application where I'm using HAProxy (1.5.14) to route traffic to different backends. HAProxy terminates the incoming SSL and then re-encrypts to the backend. There seems to be a large number of key exchanges, which is limiting the performance. In a short test (2 min), I sent 50k requests through HAProxy. I observed over 1k key exchanges. Looking further into the packets, it seems that HAProxy is closing the connections to the backends [RST, ACK]. When HAProxy attempts to reuse the session ID after this, the backend service replies with a new session ID. It appears that closing the connection invalidates the session ID on the backend. I believe that I have configured HAProxy correctly with option http-keep-alive.
When does HAProxy close a connection to the backend?
Is there a way to increase the SSL session reuse in the backend?
Posts: 1
Participants: 1