SSL handshake failure - TCP FIN


#1

Hi,
I’m using HA-Proxy version 1.7.8 as an HTTPS termination proxy in a VPN.

After upgrading from 1.5.7 (I think) to this new version (1.7.8), I’ve got a lot of “SSL handshake failure” from the same address every 5 seconds. So I’ve “dumped” the SSL communication and it has only this:
1 0.0013 (0.0013) C>S TCP FIN
1 0.0014 (0.0001) S>C TCP FIN

So to me it looks like some server is “pinging” haproxy. I’ve been able to simulate it by connecting to the haproxy HTTPS socket and then immediately dropping it. The same error appeared in the log from my IP.

So it looks like it is harmless (but I will find out what this “pinging” address is exactly next week, as the main infrastructure guy is on vacation) and is only polluting my logs. Could I somehow disable logging it from this particular address or disable all “empty” requests? I already have “option dontlognull”, but no success.

Thank You


#2

Hah! After sending the message I just found in the documentation the “monitor-net” and “monitor-uri”. Using “monitor-net” I could specify the single IP address.

Anyway, if someone has a better idea, I’m still open.

Thank You
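
Before silencing a source it helps to confirm from the logs that its handshake failures really arrive on a fixed cadence, as a monitoring probe's would. The script below is an added example, not part of the original posts: the log lines are constructed in the shape HAProxy uses for connection errors, and the addresses, frontend name and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not taken from the thread).
SAMPLE_LOG = """\
Aug 12 10:00:00 lb1 haproxy[2101]: 10.8.0.20:40112 [12/Aug/2017:10:00:00.004] https-in/1: SSL handshake failure
Aug 12 10:00:03 lb1 haproxy[2101]: 10.8.0.77:51900 [12/Aug/2017:10:00:03.500] https-in/1: SSL handshake failure
Aug 12 10:00:05 lb1 haproxy[2101]: 10.8.0.20:40118 [12/Aug/2017:10:00:05.006] https-in/1: SSL handshake failure
Aug 12 10:00:07 lb1 haproxy[2101]: 10.8.0.31:44210 [12/Aug/2017:10:00:07.100] https-in~ app/web1 0/0/1/3/4 200 512 - - ---- 2/2/0/0/0 0/0 "GET / HTTP/1.1"
Aug 12 10:00:10 lb1 haproxy[2101]: 10.8.0.20:40124 [12/Aug/2017:10:00:10.003] https-in/1: SSL handshake failure
Aug 12 10:00:15 lb1 haproxy[2101]: 10.8.0.20:40130 [12/Aug/2017:10:00:15.005] https-in/1: SSL handshake failure
Aug 12 10:00:20 lb1 haproxy[2101]: 10.8.0.20:40136 [12/Aug/2017:10:00:20.004] https-in/1: SSL handshake failure
Aug 12 10:01:41 lb1 haproxy[2101]: 10.8.0.77:51960 [12/Aug/2017:10:01:41.120] https-in/1: SSL handshake failure
Aug 12 10:01:43 lb1 haproxy[2101]: 10.8.0.77:51962 [12/Aug/2017:10:01:43.900] https-in/1: SSL handshake failure
Aug 12 10:07:12 lb1 haproxy[2101]: 10.8.0.77:52010 [12/Aug/2017:10:07:12.000] https-in/1: SSL handshake failure
"""

# source_ip:port [accept date] frontend/listener: SSL handshake failure
LINE_RE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ \[(?P<ts>[^\]]+)\] \S+: SSL handshake failure"
)


def failures_by_source(log_text):
    """Map each source IP to the timestamps of its handshake failures."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # ordinary request lines do not match and are skipped
            ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S.%f")
            by_ip[m.group("ip")].append(ts)
    return by_ip


def periodic_sources(log_text, min_events=4, max_jitter=0.5):
    """Return {ip: mean interval in seconds} for sources failing on a steady cadence.

    min_events and max_jitter (std. deviation of the gaps, seconds) are assumed thresholds.
    """
    result = {}
    for ip, stamps in failures_by_source(log_text).items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_events and pstdev(gaps) <= max_jitter:
            result[ip] = round(mean(gaps), 1)
    return result


if __name__ == "__main__":
    for ip, interval in periodic_sources(SAMPLE_LOG).items():
        print(f"{ip}: handshake failure every ~{interval}s (likely a probe)")
```

Sources that fail irregularly are left out of the result; those are the ones worth keeping in the log, since they may be real clients that cannot complete TLS.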