That test was executed from the haproxy VM. According to the admin stats page,
it appears to believe that the clients are down.

- Brian Menges

-----Original Message-----
From: Cyril Bonté [mailto:[email protected]]
Sent: Tuesday, November 18, 2014 2:54 PM
To: Brian Menges; [email protected]
Subject: Re: debugging ssl passthrough+haproxy

On 18/11/2014 23:16, Brian Menges wrote:
> Oops, thought I did that:
>
> # openssl s_client -connect 216.121.17.252:443

From where did you execute the command? From the haproxy server?
Can you verify that haproxy doesn't see your servers as DOWN?

> CONNECTED(00000003)
> depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.",
> OU = http://certificates.godaddy.com/repository, CN = Go Daddy Secure
> Certification Authority, serialNumber = 07969287 verify
> error:num=20:unable to get local issuer certificate verify return:0
> ---
> Certificate chain
>   0 s:/C=US/ST=Texas/L=Dallas/O=ARTIZONE INC./CN=*.artizone.com
>     i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, 
> Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure 
> Certification Authority/serialNumber=07969287
>   1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, 
> Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure 
> Certification Authority/serialNumber=07969287
>     i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2
> Certification Authority
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> ...
> -----END CERTIFICATE-----
> subject=/C=US/ST=Texas/L=Dallas/O=ARTIZONE INC./CN=*.artizone.com
> issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
> Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure
> Certification Authority/serialNumber=07969287
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 3247 bytes and written 570 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384 Server public key
> is 2048 bit Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>      Protocol  : TLSv1.2
>      Cipher    : ECDHE-RSA-AES256-SHA384
>      Session-ID: 
> 3E310000B5ECB76581C58C94477A6DA925EB0245BF3EAA9103CA81179289FCAB
>      Session-ID-ctx:
>      Master-Key: 
> 60BCC13E943926E284767D695B3B61F47837D1E034DAF28D7AAB4CC557FB73E56AE52FEBFC4D6C717F5DE29550E59F05
>      Key-Arg   : None
>      PSK identity: None
>      PSK identity hint: None
>      SRP username: None
>      Start Time: 1416348829
>      Timeout   : 300 (sec)
>      Verify return code: 20 (unable to get local issuer certificate)
> ---
> GET /
> ... <html> ...
>
> Works both with and without the '-tlsv1' flag.
>
> - Brian Menges
> DevOps Architect @ GoGrid, LLC.
>
> -----Original Message-----
> From: Lukas Tribus [mailto:[email protected]]
> Sent: Tuesday, November 18, 2014 1:51 PM
> To: Brian Menges; [email protected]
> Subject: RE: debugging ssl passthrough+haproxy
>
>> Getting the same sort of reply:
>> # openssl s_client -connect 216.121.28.78:443
>
> No, I meant to connect to the origin server, not haproxy itself, but from the 
> proxy VM:
>
> openssl s_client -connect 216.121.17.252:443
>
>
>
> Regards,
>
> Lukas
>
>
>
> ________________________________
>
> The information contained in this message, and any attachments, may contain 
> confidential and legally privileged material. It is solely for the use of the 
> person or entity to which it is addressed. Any review, retransmission, 
> dissemination, or action taken in reliance upon this information by persons 
> or entities other than the intended recipient is prohibited. If you receive 
> this in error, please contact the sender and delete the material from any 
> computer.
>


--
Cyril Bonté
