Tcp Proxy tls Handshake after 12 hours

AdamHachem · February 23, 2022, 10:30am

Hí my name is Adam, im implementing an proxy for a service routing mqtt trafic to a rabbitmq server (Message broker).
Everything is correct at begining but after a few hours, the service start handling an Handshake error.
the port is listening whit tls and mutuals tls verification.

Here is my configuration:

global

stats timeout 30s

daemon

log stdout format raw local0 info

ca-base /etc/ssl/certs

crt-base /etc/ssl/private

ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

ssl-default-bind-options ssl-min-ver TLSv1.0

defaults

log     global

mode    http

option  tcplog

option  dontlognull

timeout connect 1m

timeout client  1m

timeout server  1m

frontend rabbitui-frontend

bind *:8080 ssl crt-ignore-err all crt /etc/ssl/certs/tls.pem verify none

option tcplog

mode http

default_backend rabbitui-backend

frontend rabbittcp-frontend

bind *:8081 ssl crt-ignore-err all crt /etc/ssl/certs/tls.pem verify required ca-file /etc/ssl/certs/ca.pem crl-file /etc/ssl/certs/crl.pem

mode tcp

default_backend rabbittcp-backend

backend rabbitui-backend

mode http

server s1 ${RABBITMQ_HOST}:15672

backend rabbittcp-backend

mode tcp

server s1 ${RABBITMQ_HOST}:5672

lukastribus · February 23, 2022, 3:53pm

Can you share haproxy logs when this happens? I don’t see any maxconn configuration, you should set maxconn in global/frontend and on the individual servers in the backend.

Topic		Replies	Views
Getting TLS Handshake errors Help!	0	74	April 18, 2024
CRITICAL - HAProxy SSL Handshake failure issue Help!	2	1863	May 3, 2023
Proxy protocol causes SSL handshake failure Help!	0	382	January 13, 2023
SSL Handshake failure on ssh Help!	3	792	September 24, 2022
Haproxy w/ssl 'SSL handshake failure' Help!	3	3926	February 10, 2023

Tcp Proxy tls Handshake after 12 hours

Related Topics