>> On other thing that cames to my mind is intermediate certificates.
>> Are intermediate certificates correctly installed on haproxy?
>>
>
> Here we got the problem and now it is clear to me — all the behavior we
> saw in the tcpdumps. The browsers have the intermediate cert installed
> and that´s why it looked good there.
Even then, a browser would have emitted an error message that would've lead
to this discovery much sooner, but the Java client really hid the problem.
> After generating a new PEM file with all the certificates from the chain the
> web socket
> connection works fine. Even with:
> tune.ssl.default-dh-param 2048
>
> Thank you very, very much for your help!
You're welcome!
Lukas
