Hi John,
>>
>> There are some inconsistencies between the engine and the used client:
>>
>> here the conf:
>> global
>> tune.ssl.default-dh-param 2048
>> ssl-engine qat
>> ssl-async
>>
>> listen gg
>> mode http
>> bind 0.0.0.0:8443 ssl crt /root/2048.pem
>> redirect location /
>>
>> openssl s_client -connect performs well but curl failed:
>> emeric@ebr-laptop:~/inject$ curl -k https://10.0.0.109:8443/
>> curl: (35) gnutls_handshake() failed: Bad record MAC
>>
>>
>> If I comment the ssl-engine line, no more issue.
>>
>> R,
>> Emeric
>>
>> the conf:
>>
I'm not sure that the issue is related to your patch; I may have reached an issue in the QAT engine.

I've made some tests using openssl s_server. Doing a curl request shows this error:

[root@centos bin]# ./openssl s_server -accept 9443 -engine qat -cert /root/2048.pem
ERROR
140267076605760:error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:602:
shutting down SSL
CONNECTION CLOSED

And using the haproxy as client also fails with this error:

140267076605760:error:800910C8:lib(128):qat_rsa_priv_enc:rsa from to null:qat_rsa.c:917:
140267076605760:error:141EC044:SSL routines:tls_construct_server_key_exchange:internal error:ssl/statem/statem_srvr.c:2453:
shutting down SSL
CONNECTION CLOSED

R,
Emeric