On Thu, Apr 01, 2021 at 06:48:59PM -0700, Nathan Konopinski wrote: > Sorry about that. Here's a capture of the problem. Clients report errors > when they get two TLS app data packet responses. Nginx always sends a > single and haproxy usually but not always sends a single. The content > length of the response is always the same, just under 13.9kb.[image: > mailing_list.jpg]
Well, it should be irrelevant, as the TLS layer is free to segment its records as it desires. It's even valid to send everything in 1-byte records. So either these two records happen when there's something else and are just the visible symptom of another problem, or the client doesn't process records correctly. At this point I have no idea, and TLS tends to leave me speechless as usual since it's designed to prevent debugging :-( Willy
