HTTPS frontend doesn't work correctly after upgrade to 2.0.4

Hi everybody,
I am stuck on a problem which I really could use some help on. I am having trouble with an HTTP listener, which balances requests to an MS Exchange 2010 CAS array.

The story:
We used HAProxy 1.5.18 until this Monday. We upgraded to 2.0.4. (I know it's a huge version gap…) After the upgrade everything seemed to work just like before, except for the one listener mentioned above.

Access via browser works fine, with absolutely no errors. But we are using an MDM software, which had the following errors in its log after the upgrade:

    error : 2019-08-08 11:30:29 : 80.187.109.156 : tf5bz4ge617347261038502077:904 : processRequest : Something went wrong, while processing the read request. Exception: Received more data than the amount that has been announced.

This is the config we are using:

    global
        chroot /var/lib/haproxy
        daemon
        group haproxy
        maxconn 2000000
        pidfile /var/run/haproxy.pid
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3
        ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-server-options no-sslv3
        ssl-server-verify none
        stats socket /var/lib/haproxy/stats
        tune.ssl.cachesize 1000000
        tune.ssl.default-dh-param 2048
        ulimit-n 450000
        user root

    defaults
        backlog 10000
        log global
        maxconn 2000000
        option contstats
        option redispatch
        option dontlognull
        option log-separate-errors
        retries 3
        timeout http-request 10s
        timeout queue 1m
        timeout connect 10s
        timeout client 1m
        timeout server 1m
        timeout check 10s
        timeout http-keep-alive 10s

    listen 00-mdmcas-https
        bind 172.xx.xx.xx:443 ssl crt /etc/pki/bundle/
        mode http
        balance source
        timeout client 600s
        server cas-01p 172.xx.xx.xx:443 check ssl
        server cas-02p 172.xx.xx.xx:443 check ssl
        server cas-03p 172.xx.xx.xx:443 check ssl

Any help is highly appreciated! I can't find out why this shouldn't work. The application support of course says it's a HAProxy problem because after a downgrade everything works like a charm…

Can you verify what happens when you put:

    no option http-use-htx

into your default section?

Hi,

Thank you! We will test it!

Hi @lukastribus ,

I could finally test it in production. Unfortunately it didn't help. We are still getting the same error…

Please provide haproxy logs corresponding to those failed requests.

Hi,

We are using “option dontlog-normal”, I don't see any errors. So I assume there are none.

We solved the problem!

An update to the appliance did the trick! Thanks for your support!
