Encrypted Alert 21 (TLS v1.2) - HAProxy issue



  • Hello,

    My pfSense (latest build) has several web sites published over HTTPS. Some of the published sites have dynamically changing content, such as vCenter server HTML access (access to virtual machines over HTTP), which gets stuck on an encrypted alert randomly between 15-70 secs.
    I have tested using the http/https // ssl/https // tcp frontend settings, with the Disable hardware checksum offload, Disable hardware TCP segmentation offload and Disable hardware large receive offload firewall settings, and with the default backend set to vCenter (guessing lack of SSL SNI support). Nothing has changed.
    Only the frontend has a valid certificate from Let's Encrypt (SNI); all backends use random non-trusted self-signed certs.
    pfSense is running on top of VMware 6.x, single vpc with two cores.

    Interesting part: the same virtual PC publishing scheme with Apache Guacamole works like a charm.

    Mentioned because all of the above (vCenter/Guacamole) use HTML5. Or I missed something.

    The temporary workaround is to use NAT by the firewall itself, where no such issue occurs.

    Any suggestions about HAProxy settings to fix this?

    Thanks

