Hi,
We are seeing a fair amount of 'SSL handshake failure' errors in our log,
and we are running HAProxy 1.5-dev18.
The pattern of errors is:
Jun 17 20:00:28 localhost.localdomain haproxy[26060]: 68.xxx.xx.216:56030
[17/Jun/2013:20:00:28.002] public/2: SSL handshake failure
The following are the relevant frontend settings in our config:
frontend public
mode http
bind 0.0.0.0:80 <http://0.0.0.0/>
bind 0.0.0.0:443 ssl crt /etc/haproxy/ssl_wc/site.pem no-sslv3
ciphers RC4:HIGH:!EXP:!LOW:!RC2:!3DES:!SEED:!aNULL:!eNULL:!MD5:!EDH
option forwardfor except 127.0.0.1
reqadd X-Forwarded-Proto:\ https if { ssl_fc }
reqadd X-Forwarded-Proto:\ http if !{ ssl_fc }
redirect scheme https if !{ ssl_fc }
Any idea what causes these 'SSL handshake failure' errors? Given our whole
site uses SSL, this is impacting usability for users.
Best regards,
Merton
