Attached is a pcap with the bind line cut+paste from your link. In this case I see Encrypted Alert, but I'm struggling to decrypt it in WS with this setup.
On Mon, Feb 23, 2015 at 11:36 AM, Lukas Tribus <luky...@hotmail.com> wrote: > There's some confusion here. > > For the sake of clarity, please, for the time being, use the Mozilla cipher > recommendations, and configure your bind line *exactly* like this (don't > specify the named curves, just configure the ciphers without any additional > configuration): > > http://pastebin.com/raw.php?i=XswSbviN > > > and provide the pcap file of the failed handshake of *that* specific > configuration, not your original configuration. > > > "verify optional" on the bind line will certainly upset buggy clients, because > the server will ask the client to provide a certificate, don't use it when > troubleshooting SSL problems that are unrelated to client cert auth. > > > > I don't see any SPDY traffic in the traces either ... > > > Regards, > > Lukas > >
haproxy_3.pcap
Description: Binary data