> Hi Brian,
>
> On 18/11/2014 20:12, Brian Menges wrote:
>> $ curl --ssl --ciphers ALL -v 216.121.28.78:443
>
> First issue here, please prefix your URL with https://
> Otherwise curl will try to send plain HTTP on port 443.

The --ssl parameter makes sure here that curl indeed uses
SSL. An https:// prefix would be more "curl-like" though.


I think I see what's going on:
The "ssl-hello-chk" option really only sends a SSLv3 client
hello and your origin server seems to have SSLv3 disabled, as:

openssl s_client -ssl3 -connect 216.121.17.252:443


fails (at least from my box here).


Because health checks are failing, all your servers are probably
marked down, and nothing works.

We need to check how haproxy 1.5 ssl-hello-chk behaves; if it's
still SSLv3 only, it would probably be a good time to upgrade this
to TLS (at least v1.0).

Enable SSLv3 on your server or disable ssl-hello-chk to work around
the issue.



Regards,

Lukas
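
Added example, not part of the original message and not HAProxy's code: a version-pinned hello probe that shows how a server answers an SSLv3 hello compared with a TLS 1.0 one. The cipher list, function names and sample replies are constructed assumptions for illustration.

```python
import socket
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}

def client_hello(version=0x0300, ciphers=(0x002F, 0x0035, 0x000A)):
    """Build a minimal, extension-free ClientHello record (constructed sample)."""
    body = struct.pack("!H", version)            # client_version
    body += bytes(32)                            # random field, zeroed: probe only
    body += b"\x00"                              # empty session_id
    body += struct.pack("!H", 2 * len(ciphers))  # cipher_suites length in bytes
    body += b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                          # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, version, len(handshake)) + handshake

def classify_reply(data):
    """Return (kind, detail) for the first record sent back by the server."""
    if len(data) < 5:
        return ("no_reply", None)                # closed or reset before a record
    ctype, _record_version, length = struct.unpack("!BHH", data[:5])
    payload = data[5:5 + length]
    if ctype == 22 and len(payload) >= 6 and payload[0] == 2:
        (chosen,) = struct.unpack("!H", payload[4:6])  # ServerHello.server_version
        return ("server_hello", VERSIONS.get(chosen, hex(chosen)))
    if ctype == 21 and len(payload) >= 2:
        return ("alert", ALERTS.get(payload[1], str(payload[1])))
    return ("unexpected", ctype)

def probe(host, port=443, version=0x0300, timeout=5.0):
    """Send one hello to a server you operate and classify its answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(client_hello(version))
            return classify_reply(sock.recv(4096))
    except ConnectionError:
        return ("no_reply", None)

# Constructed replies (not captured traffic): truncated ServerHello, alert, close.
SAMPLE_SERVER_HELLO = bytes([22, 3, 1, 0, 6, 2, 0, 0, 2, 3, 1])
SAMPLE_ALERT = bytes([21, 3, 0, 0, 2, 2, 40])
SAMPLE_CLOSED = b""

if __name__ == "__main__":
    for name, raw in [("hello", SAMPLE_SERVER_HELLO), ("alert", SAMPLE_ALERT),
                      ("closed", SAMPLE_CLOSED)]:
        print(name, classify_reply(raw))
```

Running `probe()` once with `version=0x0300` and once with `version=0x0301` against your own origin server shows whether only the SSLv3 hello is refused.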
