Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] jetty + ssl + haproxy (load balancer)

Hello,
   I am running embedded jetty in an equinox applications. Our clients connect to our server through an HaProxy load balancer for fault tolerance and scalability reasons. HaProxy can be configured to test each server for health. For SSL, it offers the ability to do an ssl-hello-check, which effectively sends an SSL hello, and then terminates the connection. However, after getting haproxy properly configured, we noticed that jetty throws an exception every time during the health check:
2011-04-30 11:28:00.894:WARN::EXCEPTION
javax.net.ssl.
SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:675)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)


From what we can tell, from the help of folks at Snapt, haproxy is simply sending "\x16" followed by 28 random bytes of data required by the sslv3 spec. I have the following questions:

1) Who is at fault here? Is it haproxy for closing the connection after saying hello? or is this an issue with the java ssl implementation?
2) It seems to be a benign exception. Can someone confirm that? Is there a way to not log it?
3) Do you have a recommendation on solving the health check problem differently? Our servers only listen on SSL ports.


Thanks!

Back to the top