Skip to content

Fix recurring errors when using TLS/SSL #520

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Kidswiss wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix recurring errors when using TLS/SSL #520

Kidswiss wants to merge 1 commit into from

Conversation

@Kidswiss
Copy link
Contributor

@Kidswiss Kidswiss commented Apr 23, 2025
edited
Loading

Turns out haproxy needs to be told that the connection is TLS/SSL twice. Once for the tcp-check connect and then for the server-template.

If ssl is not specified in the server-template config, then there will be some plaintext tcp connections. These seem to be separate from the tcp-check connections though.

Redis will print an error such as this when it's running in TLS/SSL mode and a plaintext connection gets opened:

1:M 14 Apr 2025 14:41:03.686 # Error accepting a client connection: error:0A00010B:SSL routines::wrong version number (addr=11.35.244.11:34886 laddr=11.35.244.4:6379)

They are mostly annoying, but are harmless.

What this PR does / why we need it:

  • Short summary

Checklist

  • Chart Version bumped
  • I have run make docs
  • Variables are documented in the values.yaml using the format required by Helm-Docs.
  • PR contains the label that identifies the chart, e.g. chart/<chart-name>
  • PR contains the label that identifies the type of change, which is one of
    [ bug, enhancement, documentation, change, breaking, dependency ]

@Kidswiss Kidswiss requested a review from a team as a code owner April 23, 2025 13:59
@Kidswiss Kidswiss added chart/haproxy bug Something isn't working labels Apr 23, 2025
@Kidswiss
Fix recurring errors when using TLS/SSL
ea22eed 
Turns out haproxy needs to be told that the connection is TLS/SSL twice.
Once for the `tcp-check` connect and then for the `server-template`.

If `ssl` is not specified in the `server-template` config, then there
will be some plaintext tcp connections. These seem to be separate from
the `tcp-check` connections though.

Redis will print an error such as this when it's running in TLS/SSL mode
and a plaintext connection gets opened:

```
1:M 14 Apr 2025 14:41:03.686 # Error accepting a client connection: error:0A00010B:SSL routines::wrong version number (addr=11.35.244.11:34886 laddr=11.35.244.4:6379)
```

They are mostly annoying, but are harmless.
zugao
zugao approved these changes Apr 29, 2025
View reviewed changes
Copy link
Contributor

@zugao zugao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zugao zugao zugao approved these changes

Assignees

No one assigned

Labels

bug Something isn't working chart/haproxy

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Kidswiss @zugao