On Jan 29, 2016 8:01 PM, "Amol" <[email protected]> wrote:

> Here is what does not work
>
> $ curl -vL https://<haproxyIP>:443/matest.php
> *   Trying <haproxy_IP>...
> * Connected to <haproxy_IP> (127.0.0.1) port 443 (#0)
> * WARNING: using IP address, SNI is being disabled by the OS.
> * Server aborted the SSL handshake
> * Closing connection 0
> curl: (35) Server aborted the SSL handshake

The far end server may require that you try to negotiate with SNI -- which
the output here shows that you are not doing, since there's no proper
hostname to send.  The simple workaround, if that is the case, is to place
your HAProxy IP address and the far-end's hostname in your /etc/hosts file.
(Not the HAProxy machine, but the machine where you're running curl).

Then use curl https://that-hostname.example.com.

That way, curl will attempt the SSL negotiation in a way that the far-end
expects.  Since the hostname you're trying to connect to should match the
certificate that will then be offered, this configuration should work if
the lack of SNI on your side is indeed the issue.

You need to be sending the correct hostname in the request headers,
anyway... because the far-end may need it.
