Benchmarking SSL performance
Introduction The story Recently, there has been some attacks against website which aimed to steal user identity. In order to protect their users, major website owners had to find a solution....
View ArticleScaling out SSL
Synopsis We’ve seen recently how we could scale up SSL performance. But what about scaling out SSL performance? Well, thanks to Aloha and HAProxy, it’s easy to manage smartly a farm of SSL accelerator...
View ArticleEnhanced SSL load-balancing with Server Name Indication (SNI) TLS extension
Synopsis Some time ago, we wrote an article which explained how to load-balance SSL services, maintaining affinity using the SSLID. The main limitation of this kind of architecture is that you must...
View ArticleHOWTO SSL native in HAProxy
IMPORTANT NOTE: this article has been outdated since HAProxy-1.5-dev12 has been released (10th of September). For more information about SSL inside HAProxy. please read: How to get SSL with HAProxy...
View ArticleHow to get SSL with HAProxy getting rid of stunnel, stud, nginx or pound
Update: HAProxy can now handle SSL client certificate: SSL Client certificate management at application level History HAProxy is well know for its performance as a reverse-proxy and load-balancer and...
View ArticleSSL Client certificate management at application level
HAProxy and SSL The history of SSL in HAProxy is very short: around one month ago, we announced the ability for HAProxy to offload SSL from the servers. HAProxy SSL stack comes with some advanced...
View ArticleMitigating the SSL Beast attack using the ALOHA Load-Balancer / HAProxy
The beast attack on SSL isn’t new, but we have not yet published an article to explain how to mitigate it with the ALOHA or HAProxy. First of all, to mitigate this attack, you must use the...
View ArticleSSL offloading impact on web applications
SSL Offloading Nowadays, it is common (and convenient) to use the Load-Balancer SSL capabilities to cypher/uncypher traffic from clients to the web application platform. Performing SSL at the...
View ArticleSSL Client certificate information in HTTP headers and logs
HAProxy and SSL HAProxy has many nice features when speaking about SSL, despite SSL has been introduced in it lately. One of those features is the client side certificate management, which has already...
View ArticleConfiguring HAProxy and Nginx for SPDY
Introduction to SPDY / HTTP-bis SPDY is a protocol designed by google which aims to fix HTTP/1.1 protocol weaknesses and to adapt this 14 years old protocol to today’s internet devices and...
View ArticleHow to protect application cookies while offloading SSL
SSL offloading SSL offloading or acceleration is often seen as a huge benefit for applications. People usually forget that it may have impacts on the application itself. Some times ago, I wrote a blog...
View ArticleHAProxy and sslv3 poodle vulnerability
SSLv3 poodle vulnerability Yesterday, Google security researchers have disclosed a new vulnerability on SSL protocol. Fortunately, this vulnerability is only on an old version of the SSL protocol:...
View ArticleServing ECC and RSA certificates on same IP with HAproxy
ECC and RSA certificates and HTTPS To keep this practical, we will not go into theory of ECC or RSA certificates. Let’s just mention that ECC certificates can provide as much security as RSA with much...
View ArticleDynamic Application Routing Over SSL with HAProxy Enterprise Edition...
Back in May, HAProxy Senior Systems Engineer Chad Lavoie presented at the OpenStack Summit Boston. Chad presented on using maps in HAProxy to dynamically route requests while securing your site with...
View Article
More Pages to Explore .....