Hello,
We terminate SSL on our haproxy and most of time it works fine. At the peak hour, however, we see that the haproxy sometimes returns a reset packet (RST) to client’s TLS Client Hello when it’s supposed to return TLS Server Hello. Considering this happens only at the peak hour, I think it might be a performance issue. Thing is that the server’s CPU usage is not that high. The haproxy is configured with nbproc of 20 (the server has 28 cores.) and the CPU usage is less than 10% even at the peak. We also increased the tune.ssl.cachesize to 10000000 from the default value but it does not seem to mitigate the issue at all. Any idea or suggestion would be greatly appreciated.
Regards,
Ty