Hi Everyone,
Currently my HAProxy server is running in TCP mode. I'm receiving TLS handshake error logs on my backend server even if there are no API calls to the backend server. Can anyone explain the reason for the errors?
TLS error logs:
caller="http: TLS handshake error from xx.xx.xx.xx:yyy" msg="tls: no cipher suite supported by both client and server"
caller="http: TLS handshake error from xx.xx.xx.xx:yyy" msg="tls: first record does not look like a TLS handshake"
caller="http: TLS handshake error from xx.xx.xx.xx:yyy" msg="tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq])
caller="http: TLS handshake error from xx.xx.xx.xx:yyy" msg="tls: unsupported SSLv2 handshake received"
caller="http: TLS handshake error from xx.xx.xx.xx:yyy" msg="tls: client offered only unsupported versions: []"
caller="http: TLS handshake error from xx.xx.xx.xx:yyy" msg="tls: client offered only unsupported versions: [302301]"
caller="http: TLS handshake error from xx.xx.xx.xx:yyy" msg="tls: client offered only unsupported versions: [304]"
Note: When I verified xx.xx.xx.xx, it matched the IP address of the HAProxy server.
haproxy.cfg:
frontend fff
    bind *:443 alpn h2,http/1.1
    mode tcp
    # Wait for a client hello for at most 5 seconds
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    default_backend service_1

backend service_1
    mode tcp
    option httpchk
    http-check connect ssl alpn h2,http/1.1
    http-check send meth GET uri /service-1/health
    server server1 xx.xx.xx.xx:443 check check-ssl alpn h2,http/1.1 ca-file @system-ca verify required verifyhost abc.com
@lukastribus, Need your help!!
Thanks in advance.
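
A way to triage log lines like the ones in this post by source and failure type, written as an added example that is not part of the original post. The category labels, the sample lines and the address 192.0.2.10 are constructed; the bracketed values after "unsupported versions" are read as hexadecimal TLS version numbers (0x0301 is TLS 1.0, 0x0304 is TLS 1.3), and the example assumes each code prints as three hex digits, so a run-together value such as `[302301]` is split into `302` and `301`.

```python
import re
from collections import Counter

# TLS protocol version numbers, written as the hex digits seen in the log.
TLS_VERSIONS = {"300": "SSL 3.0", "301": "TLS 1.0", "302": "TLS 1.1",
                "303": "TLS 1.2", "304": "TLS 1.3"}

# Substring of the msg field -> triage category (labels are this example's own).
CATEGORIES = [
    ("no cipher suite supported", "no-shared-cipher"),
    ("does not look like a TLS handshake", "not-tls"),
    ("unsupported application protocols", "alpn-mismatch"),
    ("unsupported SSLv2 handshake", "sslv2-hello"),
    ("only unsupported versions", "version-mismatch"),
]

LINE_RE = re.compile(
    r'TLS handshake error from (?P<ip>[^\s":]+):[^"\s]+"\s+msg="(?P<msg>[^"]*)')

def decode_versions(msg):
    """Turn '[302 301]' (or a run-together '[302301]') into version names."""
    m = re.search(r"versions: \[([0-9a-fA-F ]*)\]", msg)
    if not m:
        return []
    # Assumption: every code is three hex digits, as for all 0x03xx versions.
    codes = re.findall(r"[0-9a-fA-F]{3}", m.group(1))
    return [TLS_VERSIONS.get(c.lower(), "unknown 0x" + c) for c in codes]

def classify(line):
    """Return (source_ip, category, offered_versions), or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    msg = m.group("msg")
    category = next((lab for needle, lab in CATEGORIES if needle in msg), "other")
    return m.group("ip"), category, decode_versions(msg)

def triage(lines):
    """Count handshake failures per (source IP, category)."""
    hits = filter(None, map(classify, lines))
    return Counter((ip, cat) for ip, cat, _ in hits)

# Constructed sample lines in the format shown in the post.
_P = 'caller="http: TLS handshake error from 192.0.2.10:40112" msg="tls: '
SAMPLE = [_P + 'first record does not look like a TLS handshake"',
          _P + 'client offered only unsupported versions: [302 301]"',
          _P + 'client offered only unsupported versions: [304]"',
          'level=info msg="server started"']

if __name__ == "__main__":
    for (ip, cat), n in sorted(triage(SAMPLE).items()):
        print(ip, cat, n)
```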