Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

ssl_client_cert header truncated

Some calls were failing when our application is looking for ssl_client_cert header. (flow: incoming-request --> (443>haproxy>4440) --> app_server:4440)

The current assumption is, haproxy fails to forward ssl_client_cert header sometimes.

Looking at the tcpdump, I see "[truncated]ssl_client_cert". This is while sending the packet to the backend server: question: what does it mean when a http header is marked as truncated?

Frame 6886: 2005 bytes on wire (16040 bits), 2005 bytes captured (16040 bits)
Ethernet II, Src: 02:4b:47:b5:28:12 (02:4b:47:b5:28:12), Dst: MS-NLB-PhysServer-07_38:d4:91:04 (02:07:38:d4:91:04)
Internet Protocol Version 4, Src:, Dst:
Transmission Control Protocol, Src Port: 57680, Dst Port: 4440, Seq: 1, Ack: 1, Len: 1939
Hypertext Transfer Protocol
    GET /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): GET /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d HTTP/1.1\r\n]
            [GET /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: GET
        Request URI: /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d
        Request Version: HTTP/1.1
    Accept: application/json,application/json\r\n
    User-Agent: Jersey/2.25.1 (HttpUrlConnection 11.0.8)\r\n
    ssl_client_user: kenAltId:e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d|gwayId:3|tenantId:8216199|instanceId:ken-qa\r\n
    ssl_client_cert_used: 1\r\n
    X-Forwarded-Proto: https\r\n
    Connection: close\r\n
    [Full request URI:]
    [HTTP request 1/1]
    [Response in frame: 6887]