Last checked and updated on April 22, 2026What Is New in HAProxy 3.4
HAProxy 3.4 delivers a solid set of updates focused on enhanced control, security, and modern protocol support. This release brings significant improvements to the Runtime API, new SSL features, and better integration with cloud-native environments.
| Category | Key Changes |
|---|---|
| New Features | Dynamic Server List, Prometheus Exporter, OCSP Stapling via CLI, HTTP/3 (QUIC) support |
| Improvements | Enhanced Runtime API, SSL/TLS updates, Logging flexibility, Server timeout handling |
| Bug Fixes | Fixes for HTTP compression, connection management, and memory handling |
| Deprecated | The hash-type directive for map-based stick-tables |
How is server management improved?
The new Dynamic Server API is a game-changer for dynamic infrastructures. It allows you to add and remove servers on the fly via the Runtime API without needing a full configuration reload.
This is crucial for orchestrators like Kubernetes, where backend pods are constantly being created and destroyed. You can now manage your upstream fleet in real-time, eliminating reload delays and connection drops.
What new metrics can I expose?
A native Prometheus exporter is now built directly into the stats module. You can expose metrics in the Prometheus format by appending ?prometheus to your stats endpoint.
This removes the need for external exporters or custom scripts to scrape your HAProxy metrics. It simplifies monitoring stacks and provides first-class support for the de facto cloud-native metrics standard.
Are there new SSL/TLS capabilities?
Yes, OCSP stapling can now be managed entirely through the Runtime API. Use the command set ssl ocsp-response to update the OCSP response for a certificate without a restart.
This makes certificate revocation checking more robust and easier to automate. You can also define multiple CA files and CRLs in your configuration, providing greater flexibility for complex PKI environments.
Is HTTP/3 supported now?
Experimental support for HTTP/3 using the QUIC transport protocol has been introduced. This allows HAProxy to terminate QUIC connections and proxy the traffic to backend servers.
While still experimental, this lays the groundwork for supporting the next generation of web protocols, offering reduced latency and improved performance over lossy networks compared to TCP.
What logging improvements were made?
You now have finer control over which events get logged. New options like log-error and log-separator allow for more granular filtering and custom formatting of log lines.
This helps reduce noise in your log files and makes it easier to integrate with various log aggregation systems by defining your own field separators.
FAQ
How do I use the new Dynamic Server API?
Use Runtime API commands like add server and del server to a backend. For example: echo "add server mybackend/newserver 192.168.1.10:8080" | socat stdio /var/run/haproxy.sock. This lets you manage servers without a reload.
How do I enable the Prometheus export?
Enable the stats module and access your defined stats URL with ?prometheus. For instance, if your stats page is at /stats, fetching /stats?prometheus will return all metrics in the correct format for Prometheus to scrape.
Is it safe to use HTTP/3 in production?
The HTTP/3 implementation is marked as experimental in this release. It's best suited for testing and development environments to evaluate performance. Avoid using it for critical production traffic until it matures in a future stable release.
What replaces the deprecated hash-type directive?
The functionality for map-based stick-tables is now automatic. You can simply remove the hash-type directive from your stick-table configuration lines as it is no longer required for that use case.
Can I update OCSP responses without downtime?
Yes. The new set ssl ocsp-response Runtime API command allows you to update the OCSP response for any certificate in a TLS listener on the fly. This ensures revocation checks are current without restarting the process.