Re: Haproxy and ssl

From: Willy Tarreau <w#1wt.eu>
Date: Sat, 29 Sep 2007 10:16:18 +0200


Hi Kaye,

On Mon, Sep 24, 2007 at 02:55:17PM +1000, Kaye Ng wrote:
> Hi,
>
> I noticed on the website that haproxy currently does not support ssl.
> Are there any plans to support ssl and if so, is there a rough idea of
> when that would occur?

Yes, there are plans to implement it. But quite a bit of the core code needs to be reworked for this. Basically, the internal architecture makes the system very fast because data is never copied, the same buffers are used for reads and writes. This will not be possible anymore with SSL, and one or two copies will be needed, meaning 2 or 3 buffers. I have some plans to implement some sort of "protocol stacks" within the code in order to achieve this without too much hassle. But no roadmap yet, it will take a long time.

If you really need SSL, I strongly suggest that you look at stunnel. It's a very nice and performant piece of software. There is a patch on my site to make it add the X-Forwarded-For header in HTTP requests. I could really say that stunnel's existence is one of the reasons I don't want to waste time working on SSL ;-)

> Thanks for your help.
>
> Cheers,
> Kaye.

Regards,
Willy

Received on 2007/09/29 10:16
