Hi,
Le 03/07/2015 04:26, AJ ONeal (Home) a écrit :
Sounds like that client hello from curl@mac looks different
than we expect, therefor SNI parsing fails. Can you provide
the same tcpdump captures again, this time from the mac
curl client that fails?
I ran this on the server
sudo tcpdump -ps0 -i eth0 -w eth0.64443.cap tcp port 64443
And then this on my Yosemite Mac
curl --insecure https://baz.example.com:64443
<https://baz.example.com:64443/>
And here's the result
https://dropsha.re/files/friendly-lionfish-7/curl-v7.37.1-sni.eth0.64443.cap
At this step, this has nohing to do with haproxy.
If you look at the capture, the client (curl with SecureTransport as the
SSL lib) doesn't provide any SNI information.
--
Cyril Bonté
