Hi Brian,
> I’m trying to debug some ssl haproxy issue (we’re not terminating at
> the proxy).
>
> It appears to dislike the SSL connection (client to VIP, and VIP to
> real server). I’m trying to figure out if this is a configuration issue
> (which doesn’t seem likely, we have private signed certs that are
> working), a real server issue, an haproxy issue, or hell find the issue
> period.
>
> Client connections terminate rather quickly (curl tests show ‘empty
> reply’), HAProxy health checks seem to send the HELLO but there’s a RST
> reply; shows as SOCKERR in the admin stats page. Curl gives the same
> reply (listed below) whether I use --tlsv1 or not (found some threads
> in the mail list suggesting to try this).
>
> Installed:
>
> · Haproxy 1.4.15-1
> · Openssl 1.0.1-4
>
> Client is using a GoDaddy SSL certificate; direct client to real server
> connectivity works as expected.
>
> Anything else that could help you help me?

Sounds like a server issue to me, somehow specific to the proxy box,
yet still a server issue or maybe some middlebox between the proxy
and the server.

Try those curl and openssl s_client tests from the actual proxy
box (216.121.28.78?) directly towards the server (216.121.17.252?), let's
see what happens (when the source IP and the network path are the
same as from HAProxy).

Regards,
Lukas
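
A scripted stand-in for the test suggested above, added here as an example and not part of either message: run from the proxy box, it sends one real ClientHello to the backend and reports whether the answer was a RST, a silent close (curl's "empty reply"), a TLS alert, or a handshake record. The names `client_hello` and `probe` and the result labels are assumptions of this sketch; it uses Python's `ssl` module rather than curl or `openssl s_client`.

```python
import socket
import ssl
import sys


def client_hello(server_name):
    """Have OpenSSL build a genuine ClientHello in memory (no network I/O)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()          # writes the hello, then wants the reply
    except ssl.SSLWantReadError:
        pass
    return outgoing.read()


def probe(host, port, timeout=5.0):
    """Send a ClientHello and classify the first thing the peer does."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp-failed", str(exc)
    with sock:
        try:
            sock.sendall(client_hello(host))
            header = sock.recv(5)   # TLS record header: type, version, length
        except ConnectionResetError:
            return "rst", "peer reset the connection after the ClientHello"
        except socket.timeout:
            return "timeout", "no reply to the ClientHello"
        except OSError as exc:
            return "io-error", str(exc)
    if not header:
        return "eof", "peer closed without sending anything (empty reply)"
    if header[0] == 0x16:
        return "handshake", "peer answered with a TLS handshake record"
    if header[0] == 0x15:
        return "alert", "peer answered with a TLS alert record"
    return "not-tls", "unexpected first bytes: " + header.hex()


if __name__ == "__main__":
    # Usage (from the proxy box): python3 probe.py <server-ip> <port>
    target, target_port = sys.argv[1], int(sys.argv[2])
    print(*probe(target, target_port))
```

Comparing the result from the proxy box with the same probe run from a client that connects successfully shows whether the reset depends on source IP or network path.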