Some calls were failing when our application is looking for ssl_client_cert header. (flow: incoming-request --> (443>haproxy>4440) --> app_server:4440)
The current assumption is, haproxy fails to forward ssl_client_cert header sometimes.
Looking at the tcpdump, I see "[truncated]ssl_client_cert". This is while sending the packet to the backend server: question: what does it mean when a http header is marked as truncated?
Frame 6886: 2005 bytes on wire (16040 bits), 2005 bytes captured (16040 bits)
Ethernet II, Src: 02:4b:47:b5:28:12 (02:4b:47:b5:28:12), Dst: MS-NLB-PhysServer-07_38:d4:91:04 (02:07:38:d4:91:04)
Internet Protocol Version 4, Src: 192.168.53.159, Dst: 192.168.193.206
Transmission Control Protocol, Src Port: 57680, Dst Port: 4440, Seq: 1, Ack: 1, Len: 1939
Hypertext Transfer Protocol
GET /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d HTTP/1.1\r\n]
[GET /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d
Request Version: HTTP/1.1
Accept: application/json,application/json\r\n
User-Agent: Jersey/2.25.1 (HttpUrlConnection 11.0.8)\r\n
Host: ken-qa.eu10.cp.abo.com\r\n
ssl_client_user: kenAltId:e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d|gwayId:3|tenantId:8216199|instanceId:ken-qa\r\n
**[truncated]ssl_client_cert:** MIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLoMIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLoMIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLoMIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLoMIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLo
ssl_client_cert_used: 1\r\n
X-Forwarded-Proto: https\r\n
X-Forwarded-For: 217.191.10.72\r\n
Connection: close\r\n
\r\n
[Full request URI: http://ken-qa.eu10.cp.abo.com/commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d]
[HTTP request 1/1]
[Response in frame: 6887]
