Hi Heiko,
> Currently, I start haproxy manually with this command (in the same shell I
> edit the config file, thus I have to stop haproxy with CTRL-C for changes):
> —
> haproxy -d -f /etc/haproxy/haproxy.cfg
> —
I see. Can you run it through strace -tt, Not that I expect to see why the TLS
handshake fails, just to confirm that its indeed haproxy that accepts the
connection (just prepend your command above with strace -tt). Attach the
strace output to a txt file to the mail, as it will be long.
Also, please try the bind keywords no-tlsv12, no-tlsv11 and
"ciphers TLS_RSA_WITH_RC4_128_SHA". If this makes it work, please apply
the attached debug patch and just run it with force-tlsv10, I would like
to know if that call fails.
Anyway, I still think we don't see the whole picture. You don't have
any SSL/TLS intercepting middleboxes between your client and your
server, correct?
Regards,
Lukas
debugforcetlsv10.patch
Description: Binary data
