Daniel, Thanks for taking the time to test this out. I just reloaded a test machine from scratch with -current and installed the HAProxy 2.0.15-4f39279 package. I loaded a very basic config file, and am also seeing the same exact issue on this one as well. Very strange that you are not - Would you mind sharing any additional details of your config file? Is there anything special about the certificate you have on the backend server?
I would love to understand what is going on here and what the difference is with my experience. On Thu, Jul 2, 2020 at 4:38 PM Daniel Jakots <d...@chown.me> wrote: > > On Thu, 2 Jul 2020 14:00:48 -0400, Henry Bonath <he...@thebonaths.com> > wrote: > > > Note the missing Client Hello on the 6.7 machine as it jumps to > > Application Data straight away. > > Configuration files for HAProxy are identical on both systems. > > > > I'm currently spinning up a machine on -CURRENT just to see if there > > is any difference, > > as there is a newer version of HAProxy in packages under Snapshots. > > > > I was initially going to try to reach out to the package maintainer > > for HAProxy but if this is happening in Relayd, then this "feels > > like" a de-facto bug. I wonder if NGINX would exhibit the same > > behavior. > > > > Has anyone else experienced such behavior with Load-Balancing TLS > > Backends since upgrading to 6.7? > > I don't use TLS for my backend (the only backend I use nowadays is on > localhost) so I can't speak for 6.7 (I only use -current, and when > -current was 6.7, I didn't test that). > > I just tested my -current haproxy using another -current host of mine > running nginx as a backend with TLS and it worked fine. > > backend https > option forwardfor > server web1 ln.chown.me:443 check ssl verify none > > and also with "verify required ca-file /etc/ssl/cert.pem" > > > Maybe some libressl fix happened on -current was not deemed critical > enough to be backported to 6.7? > > Cheers, > Daniel