nwehrman

It looks like the Ubuntu releases may have moved so perhaps swapping to the ones that you mentioned above would help? I'm running the netboot.xyz iso. I just downloaded it...

Are you ok with posting part of your packet capture? Just one of the failing streams should give me a starting point.

The most unusual thing to me is the logged ssl_fc_sni name in your log message (unless you modified it?). It's recording the SNI as just ss.com but your pcap shows...

I just tested against HAPEE2.8 and didn't get logs for the second two failure scenarios in your pcap. I'll see if I can find an older version of haproxy to...

I've now tested HAProxy version 2.8.5-1ppa1~jammy 2023/12/09 - https://haproxy.org/ ii hapee-2.4r1-lb 1.0.0-274.728

I'm not certain what to add in this. It would appear to me that the primary thing to fix is that when "option dontlognull" is enabled then HAProxy shouldn't log...

I'll have to admit I had to re-read much of this several times to understand it but I appreciate your thorough response. For simplicity sake perhaps we could focus this...

Just a note for a developer or another person who stumbles on this but you can leverage prefix lists with the rest api as well if needed. https://my.f5.com/manage/s/article/K11549313

One concern that I have about this change is if anyone uses a custom log format for a tcp mode frontend and then does an upgrade their configuration will fail...

In prior versions the use of "%ST" is allowed in all frontends regardless of the backend. In the latest version if you use that same configuration then it will fail...