Hi,
I am facing an issue of intermittent handshake failure after the ServerKeyExchange message from the server to the client.
The difference between the successful and failed traces is one Distinguished Name.
The tcpdump trace comparison is attached herewith.
The left-side image is for the failed case. The right-side image is for the success case. In the success case inroot DN is sent.
On what basis does HAProxy send this DN in ServerKeyExchange, and how can I check that in HAProxy? Also, what could be the reason it is sending a different DN in some requests, causing the handshake to fail?
Configuration:

    frontend www-smsr
        bind smsr.vi.com:8743 ssl crt /etc/haproxy/certs4/smsr.vi.com.key.pem ca-file /etc/haproxy/certs4/truststore/clients.pem verify required
        log /dev/log local0 debug
        http-request set-header X-SSL-Client-DN %{+Q}[ssl_c_s_dn]
        reqadd X-Forwarded-Proto:\ https
        option http-keep-alive
        default_backend smsr_es_nodes

Please help.
Thanks,
Shivkumar.