On 02/12/2015 12:41 AM, "Cohen Galit" <[email protected]> wrote:
>
> Hello,
>
>
>
> When HAProxy 1.5.9 is trying to sample our servers with this
configuration: tcp-check connect port 50443 ssl
>
>
>
> Our servers returns an error:
>
>
>
> 2015-11-29 09:48:18,155 [StartPoint-IMAP-SSL-Worker(14)]
[e8d05153-267f-4378-9a97-5245391ffe26] [] ERROR
connection.SSLHandshakeStartPointListener
(SSLHandshakeStartPointListener.java:onFailure :80) - SSL/TLS handshake
failed with client identified by /10.106.75.51:35892
>
> javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
>
>
>
>
>
> Please advice,
>
>
>
> Thanks,
You need to disable SSLv3 in haproxy or enable it on the imap side which
probably has only TLS support setup. I can't see option of setting the ssl
version in tcp-check connect so probably has to be done globaly in haproxy.
