So here’s the deal - we have 2 HAProxy instances set up behind a Google load balancer. The decryption endpoint is the HAProxy instances. Behind HAProxy there are 6 web servers.
We have ONE client that is having issues accessing the system; they are getting an SSL handshake failure, and they are using Java as a client (I’m verifying the version).
In our logs we see thousands of SSL handshake failures. We’re pretty strict, TLS 1.2 only, HSTS, but our cipher support is fairly broad.
They see this in their logs:
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
But it just hangs and they get a handshake error.
java.io.IOException: javax.net.ssl.SSLException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.readV3Record(InputRecord.java:581)
    at sun.security.ssl.InputRecord.read(InputRecord.java:533)
I have no idea at this point what to do. Any help would be great.