We use a self-signed certificate behind a range of load balancers, endpoints use self-signed certificates.
When testing endpoints directly using CURL, we get intermittent SSL connection errors (Code 35)
Here is an example of exit from a failed attempt:
curl –insecure example.com/index.html
- Try 9773 …
- TCP_NODELAY defined
- Connected to the port example73 (10.8.49.98) 9773 (# 0)
- ALPN, offering h2
- ALPN, offering http / 1.1
- correctly define the certificate verification locations:
- CAfile: /etc/ssl/cert.pem CApath: none
- TLSv1.2 (OUT), TLS contact, hello customer (1):
- TLSv1.2 (IN), TLS negotiation, hello from the server (2):
- TLSv1.2 (IN), TLS negotiation, certificate (11):
- TLSv1.2 (IN), TLS negotiation, server key exchange (12):
- TLSv1.2 (IN), TLS contact, server finished (14):
- TLSv1.2 (OUT), TLS negotiation, customer key exchange (16):
- TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
- TLSv1.2 (OUT), TLS contact, finished (20):
- LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection with example.com
- Connection closed 0 curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL connecting to example.com:9773
Is it due to a bad configuration? Server performance problem? Network?
The server is Tomcat 8.
Command used to create the certificate:
openssl req -x509 -newkey rsa:4096 -nodes -keyout private.pem -out public.crt -days 365 -subj '/CN=example.com'
The associated Tomcat SSL configuration: