Knowledge Base | SSL
HAProxy SSL Termination
The HAProxy load balancer provides high-performance SSL termination, allowing you to encrypt and decrypt traffic. You can quickly and easily enable SSL/TLS encryption for your applications by using HAProxy SSL termination. HAProxy is compiled with OpenSSL, which...
Let’s Encrypt (ACMEv2) for HAProxy
HAProxy Technologies is proud to announce the availability of an integrated Let’s Encrypt ACMEv2 Lua client for HAProxy and HAProxy Enterprise (HAPEE). HAProxy Enterprise comes bundled with Lua support in a precompiled binary conveniently distributed using your Linux...
TLS 1.3 and 0-RTT in HAProxy
Transport Layer Security (TLS) is a cryptographic protocol that enables secure communications over a computer network. It has been in widespread use on the Internet for various services, such as e-commerce, web browsing, and instant messaging. TLS has also been made...
SSL Client Certificate Information in HTTP Headers and Logs
HAProxy and SSL HAProxy has many nice features when speaking about SSL, despite SSL has been introduced in it lately. One of those features is the client side certificate management, which has already been discussed on the blog. One thing was missing in the article,...
SSL Offloading Impact on Web Applications
SSL Offloading Nowadays, it is common (and convenient) to use the Load-Balancer SSL capabilities to cypher/uncypher traffic from clients to the web application platform. Performing SSL at the Load-Balancer Layer is called "SSL offloading", because you offload this...
SSL Client Certificate Management at Application Level
HAProxy and SSL The history of SSL in HAProxy is very short: around one month ago, we announced the ability for HAProxy to offload SSL from the servers. HAProxy SSL stack comes with some advanced features like TLS extension SNI. Well, since yesterday afternoon...
Enhanced SSL Load Balancing with Server Name Indication (SNI) TLS Extension
Synopsis Some time ago, we wrote an article which explained how to load-balance SSL services, maintaining affinity using the SSLID. The main limitation of this kind of architecture is that you must dedicate a public IP address and port per service. If you're hosting...
Maintain Affinity Based on SSL Session ID
Synopsis When load balancing HTTPS, we can't have access to HTTP protocol since everything is encrypted. So it's hard to maintain connection persistence in such condition. Aloha load balancer allows you to maintain HTTPS sessions based on SSL connection ID. That way,...
