I want to eat all SSL handshake errors from the backend

I posted on server fault but I thought I’d post here as well.


I have an old hp dl360 g7 with iLO 3. Modern browsers can’t access it because it uses ancient ciphers.

On my internal network, I’d like to have haproxy talk to it and eat the SSL errors and serve the content with SSL that modern browsers will support.

What I’ve tried:

frontend ilo3
    bind *:3333 ssl crt /etc/letsencrypt/live/mydomain.com/haproxy.pem alpn h2,http/1.1
    mode http
    use_backend ilo3

backend ilo3
    server node1 check ssl port 443 verify none


When I hit https://<haproxyip>:3333 I get:

Jun 25 22:28:46 haproxy haproxy[5750]: [25/Jun/2023:22:28:46.816] ilo3/1: SSL handshake failure

It’s possible I’m not understanding the difficulties with what I’m trying to do. Appreciate any education.