[jetty-users] jetty + ssl + haproxy (load balancer)

[Khawaja Shams <kshams@xxxxxxx>]

Hello, 
   I am running embedded jetty in an equinox applications. 
Our clients connect to our server through an HaProxy load balancer for 
fault tolerance and scalability reasons. HaProxy can be configured to 
test each server for health. For SSL, it offers the ability to do an 
ssl-hello-check, which effectively sends an SSL hello, and then 
terminates the connection. However, after getting haproxy properly 
configured, we noticed that jetty throws an exception every time during 
the health check: 
2011-04-30 11:28:00.894:WARN::EXCEPTION 
javax.net.ssl.

SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:675)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)


From what we can tell, from the help of folks at Snapt, haproxy is simply sending "\x16" followed by 28 random bytes of data required by the sslv3 spec. I have the following questions:

1) Who is at fault here? Is it haproxy for closing the connection after saying hello? or is this an issue with the java ssl implementation?
2) It seems to be a benign exception. Can someone confirm that? Is there a way to not log it?
3) Do you have a recommendation on solving the health check problem differently? Our servers only listen on SSL ports.


Thanks!