HAProxy community

IE8 Server sent fatal alert: handshake_failure

Hi,
We are trying to move our infrastructre from Microsoft NLB to HAproxy to do the load balancing.I have almost completed configuring the HAproxy but when i tried to SSL test throguh SSLlabs im getting this error for IE8 browser. Can you please let me know what would be the appropriate cipher to use for enabling the IE8

here are the ciphers configured on my HAproxy
ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA

    ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA

Check the SslLabs browser related pages as they list supported cipher-suites for each browser.

(Also note that perhaps the error is not strictly related to the cipher suite, but because of SNI or other SSL feature that is not supported.)

I’m new to this HAproxy, so can you please guide me on what SSL feature specifically that i need to check on Haproxy server and we are using wild card certificate.

Take a look at SSLLab’s clients test page:
https://www.ssllabs.com/ssltest/clients.html

For example for IE 8 on Windows 7:
https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=8&platform=Win%207&key=21

It seems that IE 8 on that OS doesn’t even support TLS 1.2 nor TLS 1.1, which practically means that in 2019 it won’t be able to browse a large portion of the internet (since TLS 1.0 is marked as deprecated and many deployments don’t support it; in fact even TLS 1.1 is deprecated and shouldn’t be used for secure deployments.)

Therefore based on that feature page I would say you need to enable TLS 1.0 and TLS_RSA_WITH_AES_128_CBC_SHA and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (perhaps also the 256) cipher-suites. ALTHOUGH I STRONGLY SUGGEST NOT DOING SO DUE TO SECURITY CONSIDERATIONS!!


I would also strongly suggest reading the following Mozilla page about TLS on the server side as they describe various levels of compliance (and thus security):
https://wiki.mozilla.org/Security/Server_Side_TLS

And you can use the accompanying tool that generates the required snippets for HAProxy (and other HTTP servers):
https://ssl-config.mozilla.org/

Cipher suites are not the problem, you already have suites supported by IE8 in there.

You need to share the entire configuration and the output of haproxy -vv. Available ciphers also depend on openssl release and compile options.

Here you go:

HA-Proxy version 1.9.8-1ppa2~bionic 2019/06/13 - https://haproxy.org/
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -O2 -fdebug-prefix-map=/build/haproxy-jeU9I_/haproxy-1.9.8=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-format-truncation -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wno-implicit-fallthrough -Wno-stringop-overflow -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference
OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_NS=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.1 11 Sep 2018
Running on OpenSSL version : OpenSSL 1.1.1a 20 Nov 2018
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.3
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity(“identity”), deflate(“deflate”), raw-deflate(“deflate”), gzip(“gzip”)
Built with PCRE2 version : 10.31 2018-02-12
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with multi-threading support.

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as cannot be specified using ‘proto’ keyword)
h2 : mode=HTX side=FE|BE
h2 : mode=HTTP side=FE
: mode=HTX side=FE|BE
: mode=TCP|HTTP side=FE|BE

Available filters :
[SPOE] spoe
[COMP] compression
[CACHE] cache
[TRACE] trace

This.

Config:

global
         log /dev/log    local0 info
        log /dev/log    local0 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        # An alternative list with additional directives can be obtained from
        #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy


  # set default parameters to the intermediate configuration

        tune.ssl.default-dh-param 2048

ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-DES-CBC3-SHA256:DHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC-SHA:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

 
ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS



defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        timeout connect 5000
        timeout client  50000
		errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http


 #Http In - forward to https
frontend IDENTITY
        bind *:80
        redirect scheme https if !{ ssl_fc }
        bind *:443 ssl crt /etc/ssl/private/wfs2.pem  alpn HTTP/1.1,HTTP/1.0

        acl host_identity hdr(host) -i hostname.com
        use_backend website1 if host_identity

# HSTS (15768000 seconds = 6 months)
  http-response set-header Strict-Transport-Security max-age=15768000


bind  *:8989
     mode http
     stats enable
     stats hide-version
     stats realm HAPROXY\ Statistics
     stats uri /haproxy
     stats auth admin:admin

 backend website1
        mode http
        option httpchk
        option forwardfor
        option http-server-close
        balance source
        cookie SERVERID insert indirect nocache
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request add-header X-Forwarded-Proto https
        http-request set-header Host hostname.com

        server ixxx.com 192.168.20.xx:81  check inter 1s  cookie I1
        server ixxx.com 192.168.20.xx:81  check inter 1s  cookie I2

What is the OS you are running IE8 on that has this problem?

OpenSSL 1.1.1 removes by default some old ciphers, but there still should be some overlap. But it also depends on the OS (as schannel is a OS thing, not specific to the browser).

Can you share the domain?

My backend server is Win2019, where my website content is available.
Is there anyway that i can add old ciphers and all i want this cipher to be added in HAProxy .
TLS_RSA_WITH_3DES_EDE_CBC_SHA to make IE8 enable so that my users can access the web application.

I mean the OS of the client, where IE8 runs. Because IE8 uses the schannel SSL stack of the Operating System, that Operating System is very important.

TLS_RSA_WITH_3DES_EDE_CBC_SHA is already enabled in the configuration above (it’s DES-CBC3-SHA), but it’s not compiled in by default in OpenSSL 1.1.1, so it won’t be used.

However AES128-SHA and AES256-SHA (TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA respectively) should match a IE8 schannel stack - in theory.

Please share the domain with us and the OS where IE8 runs. You can send me the domain via private message if you prefer. But I can’t troubleshoot this without having both informations (there may be additional issues where we don’t expect any, like the haproxy build, another frontend terminating SSL in addition to haproxy).

IE8 on Windows 7 should be fine, as it supports TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA (OpenSSL: AES128-SHA and AES256-SHA):
https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=8&platform=Win%207&key=21

IE8 on Windows XP needs TLS_RSA_WITH_3DES_EDE_CBC_SHA (which in OpenSSL is DES-CBC3-SHA, and is not compiled in by default in OpenSSL <= 1.1.0):
https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=8&platform=XP&key=101

If your issue is with Windows XP clients, then you need recompile OpenSSL 1.1.0 or later with enable-weak-ssl-ciphers or downgrade to OpenSSL 1.0.2:

https://www.openssl.org/blog/blog/2016/08/24/sweet32/

If you do not want to recompile, I suggest you use an older OS like Centos 7 or Ubuntu Xenial. Make sure from the haproxy -vv output that OpenSSL <= 1.0.2 is used.

Thanks Lukas for all your steps provided, sorry for late response.

I have sent you my domain details in private. We still have clients using windows XP so thats the reason we want this cipher need to be enable.

May be i can try it by recompiling the OpenSSL rather than going to older OS version of Ubuntu or Centos

Looking at the domain you send in private I can confirm that IE8 on Windows XP will not be able to open it, because like I suspected 3DES is not available - you can check your site yourself at:

https://www.ssllabs.com/ssltest/

It will show:

IE 8 / XP: No FS 1 No SNI 2 Server sent fatal alert: handshake_failure

I’d strongly suggest you don’t build OpenSSL yourself. There are many pitfalls in doing so, and you need to recompile frequently, as new security fixes come out. You should only go down that road if you and your team are really willing (and have the knowledge) to monitor for new openssl releases, rebuild and rollout both openssl and haproxy fast.

Ubuntu Xenial is supported until 2021, and CentOS 7 until 2024. Using one of those would be my suggestion.

Also for Windows XP support, please do note that Service Pack 3 is absolutely required, to support SHA2 certificates. Windows XP without SP3 won’t open any HTTPS pages nowadays, because there are no SHA1 certificates around anymore.

HI Lukas,

As per your suggestion, i’m trying to load Haproxy on CentOS but im having some difficulties in uninstalling the Haproxy on it. i have installled HAproxy manuallybecause i want the latest version to be installed so i did it manually.

Can you please let me know , how can i uninstall the Haproxy when it was installled manually?What command should i have to use?

To reverse a make install, use make uninstall from the source directory.

Do not forget to manually remove init scripts/systemd unit files, if you copied those as well.