HAProxy SSL handshake failure

Time:11-19

When I use HAProxy as a load balancer in HTTP termination mode and tail its log (tail -f /var/log/haproxy.log), there are 2 types of log messages appearing:

[time] frontend_name/1: SSL handshake failure

and

[time] frontend_name~ message

frontend_name is the name following the frontend keyword in the config in /etc/haproxy/haproxy.cfg

I don't know what /1 and ~ in the log message are, and why the SSL handshake failure appearing in the log has ~. Can someone help me explain and fix this error? Thanks!

CodePudding user response:

~ after the frontend name means the connection has been established using SSL/TLS.
You can find a reference to it in the %ft entry in the table at: https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#8.2.4
About /1 in frontend_name/1: SSL handshake failure:
I can't find it in the docs, but by experimenting I found it's the number of the port in the frontend to which the connection was attempted and the SSL handshake failed.
For config:

frontend frontend_name
  bind *:443,*:444 ssl crt <path_to_cert>
  bind *:445 ssl crt <path_to_cert> no-tlsv13

If I make a TLS 1.3 connection to port 445 (e.g. openssl s_client -connect 127.0.0.1:445 -tls1_3), I will get:

frontend_name/3: SSL handshake failure

because 445 is the 3rd port listed in this frontend.
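
An added example (not part of the original answer): a Python script that counts SSL handshake failure lines per listener and maps the /N suffix back to a bind address, relying on the answer's experimental finding that N is the 1-based position of the address among the frontend's bind entries. The log lines, the app backend and the function names are constructed for illustration; port ranges in bind are not expanded.

```python
import re
from collections import Counter

# Constructed samples: the frontend is the answer's config, the log lines are made up.
SAMPLE_CFG = """\
frontend frontend_name
  bind *:443,*:444 ssl crt <path_to_cert>
  bind *:445 ssl crt <path_to_cert> no-tlsv13
backend app
  server s1 127.0.0.1:8080
"""
SAMPLE_LOG = """\
Nov 19 10:00:01 lb haproxy[812]: 203.0.113.7:51514 [19/Nov/2021:10:00:01.123] frontend_name/3: SSL handshake failure
Nov 19 10:00:02 lb haproxy[812]: 203.0.113.7:51520 [19/Nov/2021:10:00:02.456] frontend_name/3: SSL handshake failure
Nov 19 10:00:03 lb haproxy[812]: 198.51.100.9:40222 [19/Nov/2021:10:00:03.001] frontend_name~ app/s1 0/0/1/2/3 200 512 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Nov 19 10:00:04 lb haproxy[812]: 198.51.100.4:40100 [19/Nov/2021:10:00:04.000] frontend_name/1: SSL handshake failure
"""
OTHER_SECTIONS = {"global", "defaults", "backend", "userlist", "peers", "resolvers"}
FAIL = re.compile(r"(\S+)/(\d+): SSL handshake failure")

def listeners(cfg):
    """Return {frontend: [address, ...]} in config order, one entry per bind address."""
    out, current = {}, None
    for line in cfg.splitlines():
        words = line.split("#")[0].split()      # drop comments, tokenize
        if not words:
            continue
        if words[0] in ("frontend", "listen") and len(words) > 1:
            current = out.setdefault(words[1], [])
        elif words[0] in OTHER_SECTIONS:
            current = None                      # bind lines here are not ours
        elif words[0] == "bind" and current is not None and len(words) > 1:
            current.extend(words[1].split(","))  # "*:443,*:444" is two listeners
    return out

def failures_by_listener(log, cfg):
    """Count handshake failures keyed by (frontend, N, bind address)."""
    binds, counts = listeners(cfg), Counter()
    for line in log.splitlines():
        m = FAIL.search(line)
        if not m:
            continue    # e.g. "frontend_name~ ..." lines, where TLS was established
        name, n = m.group(1), int(m.group(2))
        addrs = binds.get(name, [])
        addr = addrs[n - 1] if 0 < n <= len(addrs) else "unknown"
        counts[(name, n, addr)] += 1
    return counts

if __name__ == "__main__":
    for (name, n, addr), hits in failures_by_listener(SAMPLE_LOG, SAMPLE_CFG).most_common():
        print(f"{name}/{n} -> {addr}: {hits} handshake failure(s)")
```

A listener that accumulates failures while the others stay quiet points at that bind line's TLS settings (here no-tlsv13 on *:445) and not at the certificate they share.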
