Server dropped connection with Safari on OS X or iOS client


#1

Server: HAProxy 1.7.5 in HTTP/SSL termination mode.

The problem is SSL sites behind my HAProxy load balancer are able to be connected to with Chrome/Firefox/Internet Explorer on Windows OSX and Linux (for the first two). But I’m unable to connect to said sites when using an OS X or iOS client with Safari.

I can connect to http sites terminated at my load balancer from Safari/iOS just fine, just not https sites.

I’m using SSL configuration parameters derived from the Mozilla TLS configuration tool, but have tried weaking them with no success.

    ssl-dh-param-file /etc/ssl/dhparam.pem
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

I get an A result on dev.ssllabs.com so that’s not an issue, per se, but it is something between my SSL setup and something Safari doesn’t like.

Any help is appreciated.

Thanks


#2

Please share the output of haproxy -vv, the exact OS-X, IOS and Safari release, as well as your certificate type (RSA 2048bit, or other?).


#3

haproxy -vv

root@lb-lan:~# haproxy -vv
HA-Proxy version 1.7.5-2~bpo8+1 2017/05/27
Copyright 2000-2017 Willy Tarreau <willy@haproxy.org>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
  OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_NS=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.2k  26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2l  25 May 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.35 2014-04-04
Running on PCRE version : 8.35 2014-04-04
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with Lua version : Lua 5.3.1
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with network namespace support

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
        [COMP] compression
        [TRACE] trace
        [SPOE] spoe

r

the exact OS-X, IOS and Safari release

For Safari, Version 11.0.2 (11604.4.7.1.4) on OSX 10.11.6. Unsure of the exact iOS versions tested, and what my friend has, but I will check later.

My friend was using iOS 11.2.2

well as your certificate type (RSA 2048bit, or other?).

The certificate is RSA-4096 issued by Let’s Encrypt.

Thanks


#4

I don’t know whats going on based on the information in this thread.

I generally recommend not using RSA 4096 bit, because its slow (on the server side). Use ECC certificates instead, they are fast and more secure than 4096 RSA. But that won’t be causing any issues with Apple devices, it’s just a general recommendation.

Can you share the link to this site?


#5

Sure thing

The Let’s Encrypt client I use (getssl) uses RSA-4096 by default, but I’m sure it can be changed if needed.

https://mastermind.teamclassified.ca is one site behind the load balancer that exhibits this issue (and does HTTP->HTTPS redirect).

Thanks


#6

I can try an RSA-2048 certificate on a test domain in a bit.


#7

https://rsa2048.teamclassified.ca

RSA-2048 certificate issued by Let’s Encrypt.

Unfortunately no change with Safari


#8

Looks like you have a NPN configuration with spdy/3.1 configured.

Can you please try without npn, I believe there maybe a missconfiguration with NPN/spdy/3.1 and Safari may be the only browser that still negotiates this.


#9

That worked.

I just removed spdy from npn

(The error is just from my default “no_host” backend)

And other sites hosted on the same load balancer work too.

Thanks