Reference

set rate-limit ssl-sessions global

Set the process-wide SSL session rate limit.

Description Jump to heading

By setting the global setting maxsslrate, you can limit the rate at which the load balancer creates SSL sessions. When it reaches the limit, it stops accepting new connections. In the snippet below, 1,000 SSL sessions per second are allowed:

haproxy
global
maxsslrate 1000
haproxy
global
maxsslrate 1000

By default, it’s set to 0, which means unlimited.

Use the set rate-limit ssl-sessions global command to change the global maxsslrate setting dynamically.

Examples Jump to heading

Below, we set the global SSL session rate limit to 5,000 sessions per second:

bash
echo "set rate-limit ssl-sessions global 5000" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999
bash
echo "set rate-limit ssl-sessions global 5000" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999

See also Jump to heading

If this page was useful, please, Leave the feedback.