Hello Andrei,
On Sun, Jul 07, 2013 at 06:08:27PM +0300, Andrei Marinescu wrote:
> Hello everyone!
>
> I've moved off AWS ELB today to HAProxy 1.5dev18. I'm doing SSL
> termination at the LB and I'm encountering a rather large number of
> messages such as:
> - SSL Handshake failure
> - Timeout d
Hello Willy,
Thank you for your answer! I've attached a dump with two requests from
the same ip. First one failed with Connection closed during SSL
handshake, the second one failed with Timeout during SSL handshake.
I've translated the .cap file with tcpdump -qns 0 -X -r file.cap >
translated.
On 2013/7/8 14:16, Andrei Marinescu wrote:
Hello Willy,
Thank you for your answer! I've attached a dump with two requests from
the same ip. First one failed with Connection closed during SSL
handshake, the second one failed with Timeout during SSL handshake.
I've translated the .cap file with t
Hello Andrei,
On Mon, Jul 08, 2013 at 09:16:23AM +0300, Andrei Marinescu wrote:
> Hello Willy,
>
> Thank you for your answer! I've attached a dump with two requests from
> the same ip. First one failed with Connection closed during SSL
> handshake, the second one failed with Timeout during SSL
Hi Andrei,
> I've attached the original cap file and the ssldump for this specific
> request.
I only see a single session of that IP in the cap file.
What we can see from the dump is:
- the client provides both a TLS session ticket and a session ID
- the server acknowledges the session ID
- the
Hi Lukas,
Unfortunately I'm not able to reproduce this on any of the devices I
have access to, I'm just seeing these erros in the logs and I'm trying
to track down the issue. I guess I'll try to find an easy to reproduce
scenario and return with a cap file at that time.
Just so that I can dele
Hi Andrei,
> Just so that I can delete one possibility from my list, is it possible
> that some devices reject the certificate I'm using?
Since the client closed the connection before the server could even provide
the certificate, I guess we can assume the certificate is not the problem.
> I'
On 07/08/2013 11:06 AM, Andrei Marinescu wrote:
Hi Lukas,
Unfortunately I'm not able to reproduce this on any of the devices I
have access to, I'm just seeing these erros in the logs and I'm trying
to track down the issue. I guess I'll try to find an easy to reproduce
scenario and return with a
I finally managed to track
down the issue, the cause was much simpler than I had thought.
As I've mentioned before, the service exposed through this
HAProxy instance is mainly accessed by mobile devices. The errors
appeared when apps where closed (either manually or because of a crash)
when a H
On Sat, Jan 05, 2013 at 11:03:26AM +, Steve Flitcroft wrote:
> I am experiencing a strange issue where sporadically hitting a link in a
> browser will immediately return a 324 Error:Empty Response (chrome) or
> connection reset (FF).
> This happens roughly 5% of the time. I spoke to bedis in th
I'm a the 'bedis' of the IRC channel :)
> Does the problem disappear when you remove the no-tlsv11/12 options above ?
> By using these options, you force the browser to use TLSv1.0 or SSLv3 only.
> Maybe you are not doing the exact same thing in your nginx setup.
I asked Steve to try this because
Hi Baptiste,
On Sat, Jan 05, 2013 at 03:35:03PM +0100, Baptiste wrote:
> I'm a the 'bedis' of the IRC channel :)
>
> > Does the problem disappear when you remove the no-tlsv11/12 options above ?
> > By using these options, you force the browser to use TLSv1.0 or SSLv3 only.
> > Maybe you are not
FYI:
Firefox only uses TLSv1.0 (see [1]), while Chrome can use up to TLSv1.1 (see
[2]).
If both Firefox and Chrome trigger the issue without no-tlsv11/12 option,
then the issue can be triggered with TLSv1.0 for sure.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=733647
[2] http://code.goog
13 matches
Mail list logo