[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[jetty-users] jetty + ssl + haproxy (load balancer)
|
Hello,
I am running embedded jetty in an equinox applications.
Our clients connect to our server through an HaProxy load balancer for
fault tolerance and scalability reasons. HaProxy can be configured to
test each server for health. For SSL, it offers the ability to do an
ssl-hello-check, which effectively sends an SSL hello, and then
terminates the connection. However, after getting haproxy properly
configured, we noticed that jetty throws an exception every time during
the health check:
2011-04-30 11:28:00.894:WARN::EXCEPTION
javax.net.ssl.
SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:675)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
From
what we can tell, from the help of folks at Snapt, haproxy is simply
sending "\x16" followed by 28 random bytes of data required by the sslv3
spec. I have the following questions:
1) Who is at fault here? Is it haproxy for closing the connection
after saying hello? or is this an issue with the java ssl
implementation?
2) It seems to be a benign exception. Can someone confirm that? Is there a way to not log it?
3) Do you have a recommendation on solving the health check problem differently? Our servers only listen on SSL ports.
Thanks!