Hello Samat,

On Tue, Feb 05, 2013 at 12:39:20PM +0400, Samat Galimov wrote:
> Hello,
> 
> I have very strange behaviour of HA-Proxy version 1.5-dev17 2012/12/28 on
> FreeBSD 9.0-Stable
> 
> % openssl s_client -debug -servername dharma.zvq.me -connect
> dharma.zvq.me:443 /usr/local/etc
> CONNECTED(00000003)
> write to 0x801407160 [0x801525000] (128 bytes => 128 (0x80))
> 0000 - 16 03 01 00 7b 01 00 00-77 03 01 51 10 6a 26 66 ....{...w..Q.j&f
> 0010 - e8 2b 77 63 f9 ea 25 e8-b7 cb 51 84 0a d7 0d 7c .+wc..%...Q???.|
> 0020 - 58 2c 32 6f 0f 54 94 c6-29 57 c4 00 00 34 00 39 X,2o.T..)W???4.9
> 0030 - 00 38 00 35 00 88 00 87-00 84 00 16 00 13 00 0a .8.5......??????
> 0040 - 00 33 00 32 00 2f 00 45-00 44 00 41 00 05 00 04 .3.2./.E.D.A???.
> 0050 - 00 15 00 12 00 09 00 14-00 11 00 08 00 06 00 03 .........??????.
> 0060 - 00 ff 01 00 00 1a 00 00-00 12 00 10 00 00 0d 64 .........??????d
> 0070 - 68 61 72 6d 61 2e 7a 76-71 2e 6d 65 00 23 harma.zvq.me.#
> 0080 - <SPACES/NULS>
> read from 0x801407160 [0x801577000] (7 bytes => 0 (0x0))
> 42642:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:/mnt/jq032hgn/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:182:
> OpenSSL is 0.9.8q 2 Dec 2010
> 
> It randomly gives such a weird error, 50% chance, as I see.

Are you the only one to access this service or is it in production and
used by other people? I'm asking because we had a similar report a few
weeks ago of 0.9.8 on solaris experiencing random errors, and we suspected
that the error queue was probably sometimes filled by some SSL calls
without returning an error, and thus was not flushed.

Would you accept to try a patch? We have one to change the behaviour
that we have still not merged due to the lack of testers experiencing
the issue!

> On server side (I run haproxy with -d) I get:
> 0000000c:https.accept(0005)=0007 from [5.9.11.40:43423]
> 0000000c:https.clicls[0007:0008]
> 0000000c:https.closed[0007:0008]
> 
> Here is my config:
(...)

I see nothing wrong in your configuration, and a config should not cause
a random behaviour anyway. Also you're not in a chroot so it cannot be
caused by a lack of entropy caused by the inability to access /dev/urandom.

Willy
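
As an added example (not part of the original messages), the following decodes the ClientHello bytes from the quoted `s_client -debug` dump to check what the client actually sent before the connection was closed. The function name and the final two bytes `00 00` are assumptions: the dump elides the trailing bytes as `<SPACES/NULS>`, and the record length of 128 bytes implies two NULs there.

```python
# ClientHello bytes from the s_client -debug dump quoted above. The final "00 00"
# is an assumption: the dump elides the trailing bytes as "<SPACES/NULS>".
DUMP_HEX = """
16 03 01 00 7b 01 00 00 77 03 01 51 10 6a 26 66
e8 2b 77 63 f9 ea 25 e8 b7 cb 51 84 0a d7 0d 7c
58 2c 32 6f 0f 54 94 c6 29 57 c4 00 00 34 00 39
00 38 00 35 00 88 00 87 00 84 00 16 00 13 00 0a
00 33 00 32 00 2f 00 45 00 44 00 41 00 05 00 04
00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03
00 ff 01 00 00 1a 00 00 00 12 00 10 00 00 0d 64
68 61 72 6d 61 2e 7a 76 71 2e 6d 65 00 23 00 00
"""

def parse_client_hello(record):
    """Decode one TLS record carrying a ClientHello; ValueError if malformed."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    rec_len = int.from_bytes(record[3:5], "big")
    hs_len = int.from_bytes(record[6:9], "big")
    if rec_len != len(record) - 5 or hs_len != rec_len - 4:
        raise ValueError("length fields do not match the captured bytes")
    pos = 9
    def take(n):
        nonlocal pos
        if pos + n > len(record):
            raise ValueError("field runs past the end of the message")
        pos += n
        return record[pos - n:pos]

    def vec(width):  # TLS vector: big-endian length prefix, then the payload
        return take(int.from_bytes(take(width), "big"))

    info = {"version": take(2).hex(), "sni": None, "extensions": []}
    take(32)  # client random
    info["session_id"] = vec(1).hex()
    suites = vec(2)
    info["cipher_suites"] = [suites[i:i + 2].hex() for i in range(0, len(suites), 2)]
    vec(1)  # compression methods
    ext_len = int.from_bytes(take(2), "big") if pos < len(record) else 0
    end = pos + ext_len
    while pos < end:
        ext_type = int.from_bytes(take(2), "big")
        data = vec(2)
        info["extensions"].append(ext_type)
        if ext_type == 0 and len(data) >= 5:  # server_name: list len, type, name len
            info["sni"] = data[5:5 + int.from_bytes(data[3:5], "big")].decode("ascii")
    return info

HELLO = parse_client_hello(bytes.fromhex(DUMP_HEX))
```

The hello decodes cleanly as TLS 1.0 (`0301`) with an empty session ID, 26 cipher suites and SNI `dharma.zvq.me`, so the dump shows a well-formed request that was answered by a read of 0 bytes.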

