Reuse backend SSL session without frontend keep-alive?


#1

Is it possible to reuse SSL sessions to a backend without the frontend supporting keep-alive? What we want is effectively a pool of TLS sessions to the backend that can be reused by any frontend session. The frontend is configured with option forceclose in order to make it fast to drain connections from each HAProxy box during a rolling restart and to keep some timers more accurate in logs.* We thought that http-reuse aggressive on the backend might give us the TLS session-pooling behavior we want, but it doesn’t seem to.

*This is based on commit messages. I can’t speak to whether option forceclose actually achieves those.