Hi,
I can't find out why ssl check is not working while openssl return is ok.
global
ssl-default-bind-ciphers
kEECDH+aECDSA+AES:kEECDH+aRSA+AES:kRSA+AES:+AES256:!kEDH:!LOW:!EXP:!MD5:!RC4:!aNULL:!eNULL
backend ABC
mode http
server 1.2.3.4 1.2.3.4:443 check ssl verify required ca-file
/etc/ssl/certs/GlobalSign_Root_CA_-_R2.pem
# echo Q | openssl s_client -connect 1.2.3.4:443 -CAfile
/etc/ssl/certs/GlobalSign_Root_CA_-_R2.pem -cipher
'kEECDH+aECDSA+AES:kEECDH+aRSA+AES:kRSA+AES:+AES256:!kEDH:!LOW:!EXP:!MD5:!RC4:!aNULL:!eNULL'
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 O = AlphaSSL, CN = AlphaSSL CA - G2
verify return:1
depth=0 C = FR, OU = Domain Control Validated, CN = sslABC
verify return:1
---
Certificate chain
0 s:/C=FR/OU=Domain Control Validated/CN=sslABC
i:/O=AlphaSSL/CN=AlphaSSL CA - G2
1 s:/O=AlphaSSL/CN=AlphaSSL CA - G2
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
2 s:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=/C=FR/OU=Domain Control Validated/CN=sslABC
issuer=/O=AlphaSSL/CN=AlphaSSL CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 3289 bytes and written 523 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: [...]
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1455120471
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
DONE
I also forced tlsv1 use without success.
Did I miss something ?
Regards
