Hi,


> I've checked my own logs and found SSL handshake failures starting
> on April 8th, or the day after Heartbleed was disclosed, as can be
> seen below with the number of errors per day :

Yes, please everyone specify whether there are actually users reporting
this behavior, or if this is a log error only. We will see a lot of
automated Heartbleed exploitation over the next months, I'm sure.

Check if a test @ssllabs [1] and others generates such an error.



> My problem is that I sometimes see an error message in my browser. I
> also got one response from a user saying that he can't access our
> ssl-pages and gets an error.

There are 2 issues here:
- the fact that you sometimes (?) see this error in the browser
- the fact that one user can't open the ssl-page at all (likely he has
  a browser or SSL middlebox incompatible with your SSL settings)


Markus, please follow Willy's advice and remove all force-* configurations
from your bind line. You should use the no-sslv3/no-tlsv1[0-2] keywords to
configure a specific TLS version, but in this case, as long as you are
troubleshooting this, I strongly suggest not configuring any specific TLS
settings.

Also, we need the haproxy -vv output. You said you started running SSL
on haproxy on April 8th, but dev23 was only released these days. So what
release did you run previously, and did you have the same problems (in
the browsers, not the log)?


Exact browser and OS release information is needed as well.



[1] https://www.ssllabs.com/ssltest/                                      
