We are using self signed certificate behind a range of load balancers, the endpoints use Self Signed Certificates.
When testing the endpoints directly using CURL, we get intermittent SSL Connect errors (Code 35)
Here is an example output of a failed attempt:
curl --insecure example.com/index.html
- Trying 9773...
- TCP_NODELAY set
- Connected to example.com (10.8.49.98) port 9773 (#0)
- ALPN, offering h2
- ALPN, offering http/1.1
- successfully set certificate verify locations:
- CAfile: /etc/ssl/cert.pem CApath: none
- TLSv1.2 (OUT), TLS handshake, Client hello (1):
- TLSv1.2 (IN), TLS handshake, Server hello (2):
- TLSv1.2 (IN), TLS handshake, Certificate (11):
- TLSv1.2 (IN), TLS handshake, Server key exchange (12):
- TLSv1.2 (IN), TLS handshake, Server finished (14):
- TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
- TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
- TLSv1.2 (OUT), TLS handshake, Finished (20):
- LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to example.com
- Closing connection 0 curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to example.com:9773
Is this due to a misconfiguration? Server performance issue? Network?
Server is Tomcat 8.
Command used to create the certificate:
openssl req -x509 -newkey rsa:4096 -nodes -keyout private.pem -out public.crt -days 365 -subj '/CN=example.com'
The associated Tomcat SSL configuration:
<Connector port="9773" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
compression="on"
address="0.0.0.0"
>
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig
protocols="TLSv1.2"
>
<Certificate
certificateFile="/ssl/certs/public.crt"
certificateKeyFile="/ssl/certs/private.pem"
/>
</SSLHostConfig>
</Connector>
0 Answers