FS#60411 - [haproxy] HAProxy 1.8 does not work with OpenSSL 1.1.1.
Attached to Project:
Community Packages
Opened by Sten Aus (aus) - Monday, 15 October 2018, 09:14 GMT
Last edited by Johannes Löthberg (demize) - Saturday, 20 October 2018, 13:06 GMT
Opened by Sten Aus (aus) - Monday, 15 October 2018, 09:14 GMT
Last edited by Johannes Löthberg (demize) - Saturday, 20 October 2018, 13:06 GMT
|
Details
HAProxy 1.8 will fail working with OpenSSL 1.1.1. At least
when using client certificates.
HAProxy forwards 80 to 443, then does SSL offload, sends necessary headers and forwards request to worker Apache port 80. After receiving client certificate web browser shows SSL ERROR (Unknown SSL protocol error). Downloaded HAProxy 1.9-dev3 from git and compiling it with: "make TARGET=linux24 USE_GETADDRINFO=1 USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1 USE_PCRE_JIT=1" Got working solution. Time of writing: HAProxy 1.9 stable release date is unknown. |
This task depends upon
Closed by Johannes Löthberg (demize)
Saturday, 20 October 2018, 13:06 GMT
Reason for closing: Fixed
Additional comments about closing: 1.8.14-1
Saturday, 20 October 2018, 13:06 GMT
Reason for closing: Fixed
Additional comments about closing: 1.8.14-1
you should rebuild the package (and bump version to 1.8.14 because it fixes CVE-2018-14645 and a few other bugs).
get the pkgbuild file from there https://git.archlinux.org/svntogit/community.git/tree/trunk?h=packages/haproxy