Troubles of HAproxy 1.5-dev SSL-ID configuration

From: Lauri-Alo Adamson <>
Date: Mon, 9 May 2011 08:41:50 +0300


No one has answered my e-mail yet, which is sad! Is there some kind of haproxy developer mailing list where the development versions are the subject of discussion?

I have configured Cisco CSS devices and have some experience with them. Then I thought I would try the HAproxy development version that supports sticky SSL, so I installed Debian 6.0.1 x86_64 in a VMware ESXi virtual machine and installed HAproxy 1.5-dev6. After that I tried to create an HAproxy configuration that uses sticky SSL sessions, and when I tried to start HAproxy I got the following error message:

root#haproxy:# /usr/local/sbin/haproxy -f /etc/haproxy/haproxy.conf

[ALERT] 101/163223 (1993) : Proxy 'https': type of pattern not usable with type of stick-table 'https'.

[ALERT] 101/163223 (1993) : Proxy 'https': type of pattern not usable with type of stick-table 'https'.

[ALERT] 101/163223 (1993) : Fatal errors found in configuration.  

and the haproxy daemon does not start.

If I understand correctly, I do not need to use a tunnel to use SSL sticky session configurations. My SSL sticky session configuration originates from the example "# Learn SSL session ID from both request and response and create affinity" in the file configuration.txt in the HAproxy 1.5-dev documentation folder.

I would be pleased if anyone could explain whether it is a bug in the HAproxy development version or a problem with my configuration!

Lauri Adamson

AS Andmevara  

My haproxy.config content is the following:


global
        user haproxy
        group haproxy
        stats socket /tmp/haproxy

defaults
        contimeout 500
        clitimeout 500
        srvtimeout 500

listen stats :1936
        mode http
        stats enable
        stats hide-version
        stats scope .
        stats realm Haproxy\ Statistics
        stats uri / stats
        stats auth Username:Password

listen http
        mode tcp
        balance leastconn
        maxconn 10000
        server web1 check
        server web2 check

listen https
        mode tcp
        balance leastconn
        maxconn 10000

        # maximum SSL session ID length is 32 bytes.
        stick-table type binary len 32 size 30k expire 30m

        acl clienthello req_ssl_hello_type 1
        acl serverhello rep_ssl_hello_type 2

        # use tcp content accepts to detects ssl client and server
        tcp-request inspect-delay 5s
        tcp-request content accept if clienthello

        # no timeout on response inspect delay by default.
        tcp-response content accept if serverhello

        # SSL session ID (SSLID) may be present on a client or server
        # Its length is coded on 1 byte at offset 43 and its value
        # at offset 44.
        # Match and learn on request if client hello.
        stick on payload_lv(43,1) if clienthello

        # Learn on response if server hello.
        stick store-response payload_lv(43,1) if serverhello

        server web1 check
        server web2 check

Received on 2011/05/09 07:41
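
The byte layout that the configuration comments above describe (session ID length in 1 byte at offset 43, value from offset 44), as an added Python example that is not part of the original message and is not HAProxy's own code. The function names and the hello records built here are assumptions made for illustration.

```python
import struct

HANDSHAKE = 0x16              # TLS record content type for handshake messages
CLIENT_HELLO, SERVER_HELLO = 1, 2
SID_LEN_OFFSET = 43           # 5 (record hdr) + 4 (handshake hdr) + 2 (version) + 32 (random)
MAX_SID_LEN = 32              # matches "stick-table type binary len 32"


def hello_type(buf: bytes):
    """Return the handshake type byte (1 = client hello, 2 = server hello) or None."""
    if len(buf) < 6 or buf[0] != HANDSHAKE:
        return None
    return buf[5]


def session_id(buf: bytes):
    """Return the session ID, b"" if the hello carries none, or None if the
    buffer is not a hello or does not yet hold the whole field."""
    if hello_type(buf) not in (CLIENT_HELLO, SERVER_HELLO):
        return None
    if len(buf) <= SID_LEN_OFFSET:
        return None                       # length byte not received yet
    sid_len = buf[SID_LEN_OFFSET]
    if sid_len > MAX_SID_LEN:
        return None                       # longer than the protocol allows
    end = SID_LEN_OFFSET + 1 + sid_len
    if len(buf) < end:
        return None                       # value truncated
    return buf[SID_LEN_OFFSET + 1:end]


def build_hello(hs_type: int, sid: bytes) -> bytes:
    """Build a minimal hello record (constructed sample data, not a capture)."""
    body = b"\x03\x01" + bytes(32) + bytes([len(sid)]) + sid
    if hs_type == CLIENT_HELLO:
        body += b"\x00\x02\x00\x2f" + b"\x01\x00"   # one cipher suite, null compression
    else:
        body += b"\x00\x2f" + b"\x00"               # chosen suite, null compression
    handshake = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(handshake)) + handshake


if __name__ == "__main__":
    sid = bytes(range(32))
    for t in (CLIENT_HELLO, SERVER_HELLO):
        print(t, session_id(build_hello(t, sid)).hex())
    print(repr(session_id(build_hello(CLIENT_HELLO, b""))))  # hello with no session ID
```

A client hello that opens a new session carries a zero-length session ID, so the request side has nothing to match on until the server hello supplies one.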

This archive was generated by hypermail 2.2.0 : 2011/05/09 07:45 CEST