Hello Lukas, > On other thing that cames to my mind is intermediate certificates. > Are intermediate certificates correctly installed on haproxy? >
Here we got the problem and now it is clear to me — all the behavior we saw in the tcpdumps. The browsers have the intermediate cert installed and that´s why it looked good there. After generating a new PEM file with all the certificates from the chain the web socket connection works fine. Even with: tune.ssl.default-dh-param 2048 Thank you very, very much for your help! Best regards, Heiko