@astradslme wrote:
Hi Community,
i dont know why, but my haproxy throws me severals time a “SSL handshake failure” like this:
Jul 18 15:35:43 proxy1 haproxy[6477]: 192.168.100.100:51019 [18/Jul/2018:15:35:43.294] www-https/1: SSL handshake failure
Jul 18 15:35:43 proxy1 haproxy[6474]: 192.168.100.100:51020 [18/Jul/2018:15:35:43.294] www-https/1: SSL handshake failure
Jul 18 15:35:43 proxy1 haproxy[6464]: 192.168.100.100:51022 [18/Jul/2018:15:35:43.366] www-https/1: SSL handshake failureThe certificate is correct, valid and contains chain.
Here is my config file:
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon maxconn 10240 nbproc 8 cpu-map 1 0 cpu-map 2 1 cpu-map 3 2 cpu-map 4 3 cpu-map 5 4 cpu-map 6 5 cpu-map 7 6 cpu-map 8 7 nbthread 8 cpu-map auto:1/1-8 0-7 stats bind-process 8 tune.ssl.default-dh-param 2048 ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS ssl-default-bind-options no-sslv3 defaults log global mode http option forwardfor option http-server-close option httplog option dontlognull stats enable stats uri /stats stats realm Haproxy\ Statistics stats auth admin:admin timeout connect 50000 #timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http frontend www-http bind *:80 reqadd X-Forwarded-Proto:\ http default_backend www-backend frontend www-https bind *:443 ssl crt /etc/ssl/private/cert.full.pem reqadd X-Forwarded-Proto:\ https default_backend www-backend backend www-backend balance source hash-type consistent cookie SERVERID insert indirect nocache redirect scheme https if !{ ssl_fc } http-response set-header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload;" server Server1 srv1.example.com:80 check cookie Server1 server Server2 srv2.example.com:80 check cookie Server2 server Server3 srv3.example.com:80 check cookie Server3
Posts: 1
Participants: 1