Knowledge Base | SSL
Let’s Encrypt (ACMEv2) for HAProxy
Adis NezirovićHAProxy Technologies is proud to announce the availability of an integrated Let’s Encrypt ACMEv2 Lua client for HAProxy and HAProxy Enterprise (HAPEE). HAProxy Enterprise comes bundled with Lua support in a precompiled binary conveniently distributed using your Linux...
TLS 1.3 and 0-RTT in HAProxy
HAProxy Technologies R&D TeamTransport Layer Security (TLS) is a cryptographic protocol that enables secure communications over a computer network. It has been in widespread use on the Internet for various services, such as e-commerce, web browsing, and instant messaging. TLS has also been made...
SSL Client Certificate Information in HTTP Headers and Logs
Baptiste AssmannHAProxy and SSL HAProxy has many nice features when speaking about SSL, despite SSL has been introduced in it lately. One of those features is the client side certificate management, which has already been discussed on the blog. One thing was missing in the article,...
SSL Offloading Impact on Web Applications
Baptiste AssmannSSL Offloading Nowadays, it is common (and convenient) to use the Load-Balancer SSL capabilities to cypher/uncypher traffic from clients to the web application platform. Performing SSL at the Load-Balancer Layer is called "SSL offloading", because you offload this...
SSL Client Certificate Management at Application Level
Baptiste AssmannHAProxy and SSL The history of SSL in HAProxy is very short: around one month ago, we announced the ability for HAProxy to offload SSL from the servers. HAProxy SSL stack comes with some advanced features like TLS extension SNI. Well, since yesterday afternoon...
Enhanced SSL Load Balancing with Server Name Indication (SNI) TLS Extension
Baptiste AssmannSynopsis Some time ago, we wrote an article which explained how to load-balance SSL services, maintaining affinity using the SSLID. The main limitation of this kind of architecture is that you must dedicate a public IP address and port per service. If you're hosting...
Maintain Affinity Based on SSL Session ID
Baptiste AssmannSynopsis When load balancing HTTPS, we can't have access to HTTP protocol since everything is encrypted. So it's hard to maintain connection persistence in such condition. Aloha load balancer allows you to maintain HTTPS sessions based on SSL connection ID. That way,...
