I have been working on troubleshooting HAProxy 1.5 dev 19 with SSL for the last day or so on CentOS 6.4 64-bit.

Latest OpenSSL compiled (1.0.1e), recompiled HAProxy with this:

    make -s TARGET=linux2628 USE_EPOLL=1 USE_OPENSSL=1 ARCH=x86_64 clean all

SSL cert is a wildcard, plus GoDaddy intermediate and our key.

Our current set of issues we are seeing:

* Massive amounts of connection refused when running the test with SSL
* Very high usage of CPU on this 8 core 32 gig box with 100 gig SSD and 1gb NIC
* Maybe 1/4 the amount of traffic we can push through, compared to a non-SSL test

We are using JMeter to load test and BlazeMeter to do up to 40k JMeter threads for a full hour. Here is a list of the errors that are spit back after the test is done.

Response codes

response code | count | response message
400 | 29 | Bad request
Non HTTP response code: javax.net.ssl.SSLPeerUnverifiedException | 86069 | Non HTTP response message: peer not authenticated
Non HTTP response code: org.apache.http.conn.HttpHostConnectException | 27229 | Non HTTP response message: Connection to https://xxxx.com:2222 refused
Non HTTP response code: java.net.SocketException | 88 | Non HTTP response message: Connection reset
412 | 2 | Precondition Failed
Non HTTP response code: org.apache.http.NoHttpResponseException | 270 | Non HTTP response message: The target server failed to respond

So this is what we are facing. We are not HAProxy experts, and we think we have taken it as far as our understanding of HAProxy config and settings goes.

Special note: we do not have a web site on the backend; it's a user server for an upcoming game we are working on, so the stack is quite simple, from haproxy -> node.js -> db and back. JSON data is posted to the user server and returned.

