[docs request]: server ... ssl check == layer6 check passed but server ... ssl check no-check-ssl == layer4 check passed

Hi, I’m looking for docs. What is layer 6? The below tests are in a backend with mode tcp. I’m assuming that layer 6 means TCP but am not familiar with TCP being at layer 6. I also don’t see any logs at INFO level or in debug (-d) mode showing the health check requests to confirm. These messages are from the /stats page.

  • server ... ssl check == L6OK/Layer6 check passed (this is the same if I use server ... ssl check check-ssl, can’t use just ssl check-ssl because if I do then no health checks on any layers work))
  • server ... ssl check no-check-ssl == L4OK/Layer4 check passed

Well, Wikipedia says:

Transport Layer Security (TLS) does not strictly fit inside the model either. It contains characteristics of the transport and presentation layers.

And the table suggests TLS is layer 6:

Then it links to this answer by Tom Leek “What layer is TLS?” which says:

  • SSL/TLS organizes data as records, that may contain, in particular, handshake messages. Handshake messages look like layer 5. This would put SSL/TLS at layer 6 or 7.


Thus, in the OSI model, SSL/TLS must be in layer 6 or 7, and, at the same time , in layer 4 or below. The conclusion is unescapable: the OSI model does not work with SSL/TLS. TLS is not in any layer.


Yes, SSL/TLS is considered Layer 6 in haproxy.