Re: Debugging ssl handshake failures

2020-09-10 Thread Kevin McArthur
Thanks Bruno, I'll see if I can get this working. -- Kevin On 2020-09-09 9:41 p.m., Bruno Henc wrote: Hi, I take it that means theres no internal debug logging for the tls errors that we can just expose via logfile? Proof of concept patches are attached with build instructions. You may

Re: Debugging ssl handshake failures

2020-09-09 Thread Bruno Henc
Corrected build instructions attached. openssl-2.2.2.2 should be haproxy-2.2.3. Regards, Bruno apt-debuild Description: Binary data

Re: Debugging ssl handshake failures

2020-09-09 Thread Bruno Henc
Hi, > I take it that means theres no internal debug logging for the tls errors that > we can just expose via logfile? Proof of concept patches are attached with build instructions. You may wish to edit the haproxy-2.2.3/rules/debian folder to increase the -j setting to your current number of

Re: Debugging ssl handshake failures

2020-09-01 Thread Kevin McArthur
Thanks Bruno, My first step would be to setup a custom log format that uses log converters with the appropriate fetches [1]: log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r %[ssl_fc_protocol] %[ssl_fc_cipher]" For some

Re: Debugging ssl handshake failures

2020-09-01 Thread Bruno Henc
‐‐‐ Original Message ‐‐‐ On Tuesday, September 1, 2020 6:57 PM, Kevin McArthur wrote: > Hi haproxy > > I'm wondering if there is any way to debug the error message "www-https/1: > SSL handshake failure"? I've tried increasing log levels to debug etc, but > nothing seems to log about

Debugging ssl handshake failures

2020-09-01 Thread Kevin McArthur
Hi haproxy I'm wondering if there is any way to debug the error message "www-https/1: SSL handshake failure"? I've tried increasing log levels to debug etc, but nothing seems to log about why the failure occurred. Haproxy 2.2.2-1ppa1~focal on Ubuntu 20.04 We've had a strange regression when