>> On other thing that cames to my mind is intermediate certificates. >> Are intermediate certificates correctly installed on haproxy? >> > > Here we got the problem and now it is clear to me — all the behavior we > saw in the tcpdumps. The browsers have the intermediate cert installed > and that´s why it looked good there.
Even then, a browser would have emitted an error message that would've lead to this discovery much sooner, but the Java client really hid the problem. > After generating a new PEM file with all the certificates from the chain the > web socket > connection works fine. Even with: > tune.ssl.default-dh-param 2048 > > Thank you very, very much for your help! You're welcome! Lukas