Okay, I figured it out. For anyone that is interested:
My ISP at home is a cable TV provider. He gave me this modem that is
connected to my computer via Ethernet and to the TV cable. The whole
thing is configured to use DHCP and it gives me MTU = 576. And here it
goes:
I send SSL Client Hello to Haproxy;
Haproxy forwards Client Hello to the backend;
Backend sends Server Hello to Haproxy (immediately);
Haproxy sends Server Hello to me (immediately);
... some error and 3s go by...
Haproxy resends Server Hello to me.
Server Hello (and other data sent in this phase) is 1196 bytes long. Regarding my MTU, the MSS is 536. So the whole Server Hello should be sent in three segments that are respective 536, 536, 124 bytes long. But the haproxy side tries to send a segment that is 1072 bytes long... This fails and after 3s the segment is split into two 536-byte long segment and sent again.
I don't know why this is happening, but it looks like it's not Haproxy fault after all.
Thanks for all the help anyway!
Cheers,
Mike Received on 2008/06/18 21:39
This archive was generated by hypermail 2.2.0 : 2008/06/18 21:45 CEST