    Encrypted Alert 21 (tls v1.2) - HAProxy issue

    Cache/Proxy
      urbanovits last edited by urbanovits

      Hello,

      My pfSense (latest build) has several web sites published over HTTPS. Some of the published sites have dynamically changing content, such as vCenter server HTML access (access to virtual machines over http), which gets stuck on an encrypted alert randomly between 15-70 secs.
      I have tested using the http/https // ssl/https // tcp frontend settings, with the Disable hardware checksum offload, Disable hardware TCP segmentation offload and Disable hardware large receive offload firewall settings, and with the default back-end set to vCenter (guessing lack of SSL SNI support). Nothing has changed.
      Only the front-end has a valid certificate from Let's Encrypt (SNI); all backends used random non-trusted self-signed certs.
      pfSense is running on top of VMware 6.x, a single vpc with two cores.

      Interesting part: the same virtual PC publishing scheme with Apache Guacamole is working like a charm.

      Mentioned because all of the above (vCenter/Guacamole) are using HTML5. Or I missed something.

      The temporary workaround is using NAT by the firewall itself, where no such issue occurs.

      Any suggestions about HAProxy settings to fix this?

      Thanks
