Today I have switched to dev23. Everything is working very well in our
environment. haproxy works perfectly in http mode,
load balancing our two backend servers with master/slave and backup setup.

I also use haproxy for SSL termination. To be exact: haproxy takes SSL requests to
our shop and then does SSL to the backend
servers with backup setup.

So far everything works very well.

The only problem is that I see

xx.xx.xx.xx:50281 [23/Apr/2014:19:49:03.771] https/1: SSL handshake failure

those error messages in the log file. What happens here? Sometimes I get an
error message in the browser; Firefox gives
the error message: ssl_error_illegal_parameter_alert. But not always.

This is the SSL config for haproxy:

global
    daemon
    maxconn 2000
    stats socket    /opt/haproxy/var/socket mode 0600 level admin
    user www
    group www
    pidfile /opt/haproxy/var/pid

defaults
    mode http
    log global
    balance roundrobin
    option httplog
    option dontlognull

    retries 3
    option redispatch
    option http-server-close
    # option http-keep-alive
    option forwardfor

    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

    log 127.0.0.1  local0

frontend https
    bind xx.xx.xx.xx:443 ssl crt /opt/haproxy/haproxy.ssl.crt force-sslv3 force-tlsv10 ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!RC4+RSA:+HIGH:+MEDIUM
    capture request header Host len 32
    default_backend lbhttps
    monitor-uri   /ok
    reqadd X-Forwarded-Proto:\ https


backend lbhttps
    server master yy.yy.yy.yy:443 ssl maxconn 50 check weight 1 inter 5s rise 3 fall 2 verify none
    server slave  zz.zz.zz.zz:443 ssl maxconn 50 check backup weight 1 inter 5s rise 3 fall 2 verify none


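Added example, not part of the original message and not haproxy project code: a small triage script for log lines in the "SSL handshake failure" format quoted above. It counts failures per client and flags clients that fail repeatedly in a short window, which helps separate one misbehaving client from failures spread across many clients. The syslog prefix, host name, addresses, window and threshold are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Format from the post: <client>:<port> [<accept date>] <frontend>/<listener>: <message>
# search() is used so an optional syslog prefix (assumed here) is tolerated.
LINE_RE = re.compile(
    r"(?P<ip>\S+):(?P<port>\d+) \[(?P<ts>[^\]]+)\] "
    r"(?P<frontend>[^/\s]+)/(?P<listener>\S+): SSL handshake failure\s*$"
)

def parse_failure(line):
    """Return a dict for a handshake-failure line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "port": int(m["port"]),
        "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S.%f"),
        "frontend": m["frontend"],
    }

def summarize(lines, window_s=60, threshold=3):
    """Count failures per client; flag clients with >= threshold failures in window_s."""
    per_ip = {}
    for line in lines:
        ev = parse_failure(line)
        if ev:
            per_ip.setdefault(ev["ip"], []).append(ev["time"])
    counts = Counter({ip: len(ts) for ip, ts in per_ip.items()})
    bursts = set()
    for ip, times in per_ip.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                bursts.add(ip)
                break
    return counts, bursts

# Constructed sample input (documentation address ranges, made-up host and pid).
SAMPLE = [
    "Apr 23 19:49:03 lb1 haproxy[1234]: 192.0.2.10:50281 [23/Apr/2014:19:49:03.771] https/1: SSL handshake failure",
    "Apr 23 19:49:10 lb1 haproxy[1234]: 192.0.2.10:50290 [23/Apr/2014:19:49:10.102] https/1: SSL handshake failure",
    "Apr 23 19:49:31 lb1 haproxy[1234]: 192.0.2.10:50311 [23/Apr/2014:19:49:31.004] https/1: SSL handshake failure",
    "Apr 23 19:52:00 lb1 haproxy[1234]: 198.51.100.7:41022 [23/Apr/2014:19:52:00.250] https/1: SSL handshake failure",
    'Apr 23 19:52:05 lb1 haproxy[1234]: 203.0.113.5:51000 [23/Apr/2014:19:52:05.000] https~ lbhttps/master 0/0/1/12/13 200 512 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```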