We’ve updated our Terms of Service. A new AI Addendum clarifies how Stack Overflow utilizes AI interactions.

haproxy tls alert decrypt error

Asked 6 years, 9 months ago

Modified 6 years, 9 months ago

Viewed 1k times

1

I'm using haproxy 1.8.17 and openssl 1.1.1a from Debian testing to serve TLS 1.2 connections with client authentication.

In wireshark I observe the usual TLS messages:

client->server: Client Hello
server->client: Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done
client->server: Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message

Now HAProxy answers with: Alert (Level: Fatal, Description: Decrypt Error)

So my question is: what can cause this type of error?

edited Jan 24, 2019 at 8:40

asked Jan 21, 2019 at 13:57

639 bronze badges

RFC5246: "A handshake cryptographic operation failed, including being unable to correctly verify a signature or validate a Finished message. This message is always fatal."

C.Scharfenberg
– C.Scharfenberg

2019-01-22 10:33:48 +00:00
Commented Jan 22, 2019 at 10:33

Add a comment |

1 Answer 1

Sorted by:

0

In this case the cause of the error is very simple: I've used the wrong CA cert in the haproxy config.

edited Jan 25, 2019 at 12:54

answered Jan 25, 2019 at 10:45

639 bronze badges

Add a comment |

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Explore related questions

See similar questions with these tags.