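When using the haproxy option ssl-hello-chk, I get 400 Bad Request errors in the Apache SSL log on the real hosts. My setup uses haproxy as a load balancer to handle SSL requests and pass them to the reals. AFAIK "ssl-hello-chk" in haproxy sends an SSL hello message to the host to make sure the host is available. This is better than a normal TCP-only check. Any idea why it is logging 400 errors, when it should not be logging a message? Also, I am not sure whether it is working correctly.
Thanks, Tevez G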
You can increase the Apache log level to get more information about the HAProxy hello request.
To see what happens, you can use curl with verbose messages turned on:
curl -k -v https://real-https-apache.com
Curl should tell you about the different steps, including client-hello and server-hello.
Then also check the Apache logs.
This is what such a curl request looks like:
$ curl -k -v https://graph.facebook.com
* About to connect() to graph.facebook.com port 443 (#0)
* Trying 66.220.146.100... connected
* Connected to graph.facebook.com (66.220.146.100) port 443 (#0)
* error setting certificate verify locations, continuing anyway:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
* subject: /C=US/ST=California/L=Palo Alto/O=Facebook, Inc./CN=*.facebook.com
* start date: 2010-01-13 00:00:00 GMT
* expire date: 2013-04-11 23:59:59 GMT
* common name: *.facebook.com (matched)
* issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> User-Agent: curl/7.18.0 (i486-pc-linux-gnu) libcurl/7.18.0 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.1
> Host: graph.facebook.com
> Accept: */*
>
< HTTP/1.1 302 Found
< Cache-Control: private, no-cache, no-store, must-revalidate
< Expires: Sat, 01 Jan 2000 00:00:00 GMT
< Location: http://developers.facebook.com/docs/api
< Pragma: no-cache
< X-FB-Rev: 575092
< Content-Type: text/html; charset=utf-8
< X-FB-Debug: sYq1u5Ffp1JE7p5IafErxiU6MNT6i1fXCEkn51nFxr8=
< Date: Mon, 18 Jun 2012 10:49:17 GMT
< Connection: keep-alive
< Content-Length: 0
<
* Connection #0 to host graph.facebook.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
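
Added example, not part of the original answer and not HAProxy's code: a small Python classifier for the first bytes a backend sends back after a ClientHello, using the same handshake type numbers that curl -v prints in parentheses above, such as Server hello (2) and CERT (11). The sample byte strings are constructed, and the name classify_reply is an assumption of this example.

```python
import struct

# Handshake message types from the TLS specifications; curl -v prints the
# same numbers in parentheses, e.g. "Server hello (2)" and "CERT (11)".
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 14: "server_hello_done",
                   16: "client_key_exchange", 20: "finished"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data"}


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server sends back after a ClientHello."""
    if not data:
        return "no data (connection closed or timed out)"
    if data[:5] == b"HTTP/":
        # The port answered in plaintext HTTP instead of TLS.
        status = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return "plaintext HTTP: " + status
    if len(data) < 5:
        return "truncated TLS record header"
    # Record header: content type, version major/minor, payload length.
    ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3:
        return "not a TLS record"
    body = data[5:5 + length]
    if ctype == 21:
        if len(body) < 2:
            return "truncated TLS alert"
        level = {1: "warning", 2: "fatal"}.get(body[0], "unknown")
        return f"TLS alert ({level}, description {body[1]})"
    if ctype == 22 and body:
        name = HANDSHAKE_TYPES.get(body[0], "unknown")
        return f"TLS handshake: {name} ({body[0]})"
    return "TLS record: " + CONTENT_TYPES[ctype]


# Constructed sample replies (header-level only, not captured traffic).
SERVER_HELLO = bytes([22, 3, 1, 0, 4, 2, 0, 0, 0])  # handshake, type 2
FATAL_ALERT = bytes([21, 3, 1, 0, 2, 2, 40])        # fatal handshake_failure
PLAIN_HTTP = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"

if __name__ == "__main__":
    for sample in (SERVER_HELLO, FATAL_ALERT, PLAIN_HTTP, b""):
        print(classify_reply(sample))
```
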