We recently upgraded to haproxy 1.7.9 , we are facing one issue.
A TLS tunnel is created from frontend system to haproxy and then haproxy creates a TCP connection with another interface after TLS handshake with frontend.
Here after TLS handshake haproxy hangs at getsockopt() system call.
0.000058 getsockopt(2, SOL_IP, 0x50 /* IP_??? */,
earlier we were using 1.5.19 and it was working fine.
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity(“identity”), deflate(“deflate”), raw -deflate(“deflate”), gzip(“gzip”)
Built with OpenSSL version : OpenSSL 1.0.2n 7 Dec 2017
Running on OpenSSL version : OpenSSL 1.0.2n 7 Dec 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.41 2017-07-05
Running on PCRE version : 8.41 2017-07-05
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_F REEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available filters :
[COMP] compression
[TRACE] trace
[SPOE] spoe
uname -a
Linux LB-0 4.4.118-pc64-distro.git-18.2.2-rcp2 #1 SMP Tue Feb 27 07:57:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux