Layer6 invalid response, info: "SSL handshake failure"

Aebian · April 13, 2024, 12:21am

Somehow all the other posts don’t specifically solve my issue so…
Hi all,

I have two backend servers that are running on Port 443 SSL via IIS using the CCS (Centralized Certification Server) module.

Access to those two backend servers works fine:

However the health check on HaProxy fails with a Layer 6 issue.
[WARNING] (5477) : Server cso-cs-frontends/otcs01 is DOWN, reason: Layer6 invalid response, info: "SSL handshake failure", check duration: 1ms. 1 active and 0 backup servers left.

I already tried to use a verifyhost however it did not solve the issue. Ideas? The certificate is a wildcard one from sectigo since dev machines.

backend config:

backend cso-cs-frontends
    balance roundrobin
    mode http
    cookie SERVERID insert indirect nocache
    server otcs01 msecmcsf01.otxlab.net:443 ssl verifyhost msecmcsf01.otxlab.net verify required ca-file /data/cso-fs-ssl/sectigo-cert-chain.crt cookie msecmcsf01 check
    server otcs02 msecmcsf02.otxlab.net:443 ssl verifyhost msecmcsf02.otxlab.net verify required ca-file /data/cso-fs-ssl/sectigo-cert-chain.crt cookie msecmcsf02 check

Thanks!

Aebian · April 24, 2024, 8:03am

Did a few additional troubleshooting steps but it doesn’t make any sense:

openssl s_client -connect msecmcsf01.otxlab.net:443 says:

SSL handshake has read 5236 bytes and written 407 bytes
Verification: OK

Which is what I expect since a connect from a clients browser works fine
Anyone else has any idea what could be wrong here?

Topic		Replies	Views
Layer6 invalid response: SSL handshake failure Help!	6	5183	June 7, 2022
Backend server ssl verification error Help!	3	1238	May 13, 2022
Backend down: Layer6 invalid response, info: "SSL handshake failure" Help!	2	1126	October 10, 2023
SSL Handshake issue Help!	9	6941	May 23, 2018
SSL handshake error Help!	1	95	March 22, 2024

Layer6 invalid response, info: "SSL handshake failure"

Related Topics