HAProxy not working with ALPN

Question

I need to use ALPN in order to configure HAProxy for HTTP/2 support. After configuring HAProxy I tried to restart but it failed. Even upgrading openssl to 1.0.2 did not help. Wikipedia states tat ALPN is supported since 1.0.2. The system I am running is Ubunut 14.04. LTS

Those are the error messages:

[ALERT] 364/162959 (3104) : parsing [/etc/haproxy/haproxy.cfg:137] : 'bind 192.143.56.150:443' : 'alpn' : library does not support TLS ALPN extension
[ALERT] 364/162959 (3104) : parsing [/etc/haproxy/haproxy.cfg:142] : error detected while parsing switching rule : unknown fetch method 'ssl_fc_alpn' in ACL expression 'ssl_fc_alpn'.
[ALERT] 364/162959 (3104) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg

 * Restarting haproxy haproxy                                            [fail] 
$ openssl version -v
OpenSSL 1.0.2j  26 Sep 2016

$ haproxy -vv | grep -i openssl
  OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes

I have the impression as HAProxy was built with the old openssl lib and I need to rebuild. Is this correct? If yes, what would be the best way doing this. Not sure if this is a ubuntu package or self compiled.

score 0 · Answer 1 · answered Dec 30 '16 at 16:11

0

Maybe this link Compile HAProxy from source on Ubuntu would be useful to you.

answered Dec 30 '16 at 16:11

lg.

4,649
3
21
20

score 0 · Answer 2 · answered Jan 05 '17 at 23:43

I have the impression as HAProxy was built with the old openssl lib and I need to rebuild. Is this correct?

Yes. Or at least install a more modern version.

If yes, what would be the best way doing this. Not sure if this is a ubuntu package or self compiled.

Well, would be good if you could get yourself an idea about the install source. I've just checked, and the backport of HAProxy available in Ubuntu 14.04 is compiled against openssl 1.0.1, so you would gain nothing. You could use this service to get modern packages for your OS; these are provided by the maintainer Vincent Bernat. If you need any further help, let me know.

HAProxy not working with ALPN

2 Answers2