Wed, Jul 24, 2024 at 22:39, Willy Tarreau <w...@1wt.eu>:
>
> Hi Alex,
>
> On Wed, Jul 24, 2024 at 10:32:16PM +0200, Aleksandar Lazic wrote:
> > >    - SPOE: the old applet-based architecture was replaced with the new
> > >      mux-based one which allows idle connections sharing between threads,
> > >      as well as queuing, load balancing, stickiness etc per request instead
> > >      of per-connection and adds a lot of flexibility to the engine. We'd
> > >      appreciate it a lot if SPOE users would take some time to verify that
> > >      it works at least as well for them as before (and hopefully even
> > >      better). Some good ideas may spark. Please check Christopher's
> > >      response to the SPOE thread for more info.
> >
> > Cool. Thank you for handling this topic, even though I don't use it for now :-)
>
> Hehe, who knows, maybe one day you'll have a good use for it :-)
>
> > >    - ocsp: some processing was refined to better handle a corner case where
> > >      the issuer chain is not in the same PEM file, though it also slightly
> > >      changes how this is handled on the CLI.
> >
> > [snip]
> >
> > Does this announcement have any impact on HAProxy?
> >
> > "Intent to End OCSP Service"
> > https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html
> > https://news.ycombinator.com/item?id=41046956
>
> I noticed it on LWN today but I really have no idea. I'll let the SSL
> experts chime in.

From a user's point of view, disabling OCSP is a disadvantage, because the web
browser will need an extra CRL download (instead of an OCSP staple).

For people setting up their servers to add OCSP stapling, it would be
... a surprise :)

>
> Cheers,
> Willy
>
>

