Re: ProxyPreserveHost doesn't work with SSL

On Mon, Jul 4, 2016 at 5:36 PM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
> On Mon, Jul 4, 2016 at 5:00 PM, Marat Khalili <mkh@xxxxxx> wrote:
>> On 04/07/16 17:29, Eric Covener wrote:
>>>
>>> SNI is in the ClientHello, you'd be able to eliminate/confirm that bit.
>>
>>
>> Yes you're right. But now I cannot reproduce original problem. And SNI is
>> correctly transferred from client in packet capture. Either the problem is
>> transient or it's gone. Will post again if I see it appear again.
>
> The issue fixed in 2.4.20 (no outgoing SNI) would only happen if an
> idle connection, about to be reused, was closed remotely by the
> backend (because of a keepalive timeout expired on its side), which
> caused the proxy to create a new connection without SNI.

Thus in affected versions (< 2.4.20), it can be avoided/worked-around
by using an idle timeout on the proxy side (the ProxyPass' parameter
ttl= in mod_proxy) lower than the KeepAliveTimeout configured on the
backend.

This is anyway a good setting to synchronize a proxy with its backend
(and avoid race conditions regarding reused connections)....

>
> Regards,
> Yann.
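
The workaround described in this message, as an added configuration sketch that is not part of the original post. The host name, path and timeout values are constructed; only the relationship between them (proxy `ttl=` lower than the backend's `KeepAliveTimeout`) comes from the message.

```apache
# Reverse proxy side (affected httpd, < 2.4.20). Constructed example values.
SSLProxyEngine On
ProxyPreserveHost On

# ttl=10: a pooled backend connection that has been idle for more than
# 10 seconds is not reused. The proxy therefore retires idle connections
# before the backend's 15-second keepalive timeout can close them remotely,
# which is the situation that led to a new connection being created without SNI.
ProxyPass        "/app/" "https://backend.example.internal/app/" ttl=10
ProxyPassReverse "/app/" "https://backend.example.internal/app/"

# Backend side (a separate httpd instance). Constructed example values.
# Must stay higher than the proxy's ttl above.
KeepAlive On
KeepAliveTimeout 15
```

If the backend's `KeepAliveTimeout` is later lowered, the proxy's `ttl=` has to be lowered with it so that it stays the smaller of the two.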
