Encrypted Alert 21 (TLS v1.2) - HAProxy issue
My pfSense (latest build) has several web sites published over HTTPS. Some of the published sites have dynamically changing content, such as a vCenter server's HTML access (access virtual machines over http), which gets stuck on an encrypted alert randomly between 15-70 secs.
I have tested using http/https // ssl/https // tcp Frontend settings with the Disable hardware checksum offload, Disable hardware TCP segmentation offload and Disable hardware large receive offload firewall settings, and with the default back-end set to vCenter (guessing lack of SSL SNI support). Nothing has changed.
Only the front-end has a valid certificate from Let's Encrypt (SNI); all backends use random non-trusted self-signed certs.
pfSense is running on top of VMware 6.x, single vpc with two cores.
Interesting part: the same virtual PC publishing scheme with Apache Guacamole works like a charm.
Mentioned because all of the above (vCenter/Guacamole) use HTML5. Or I missed something.
The temporary workaround to fix it is using NAT by the firewall itself, where no such issue occurs.
Any suggestions about HAProxy settings to fix this?