Redis 6.0.5 SSL routines:ssl_get_prev_session:session id context uninitialized #7458

@psilocibin

I'm using Redis Cluster and monitoring the master via HAProxy.
HAProxy config:

frontend ft_redis
    bind 127.0.0.1:16379
    mode tcp
    default_backend bk_redis_master

backend bk_redis_master
    option tcp-check
    tcp-check connect ssl
    tcp-check send AUTH\ XXXXXXXXX\r\n ssl
    tcp-check expect string +OK ssl
    tcp-check send PING\r\n ssl
    tcp-check expect string +PONG ssl
    tcp-check send info\ replication\r\n ssl
    tcp-check expect string role:master ssl
    tcp-check send QUIT\r\n ssl
    tcp-check expect string +OK ssl
    server server4 192.168.1.100:16378 check check-ssl ssl verify none 
    server server5 192.168.1.101:16378 check check-ssl ssl verify none 
    server server6 192.168.1.102:16378 check check-ssl ssl verify none 

redis.conf

## tls

tls-port 16378
tls-cert-file "/etc/redis/tls/redis.crt"
tls-key-file "/etc/redis/tls/redis.key"
tls-dh-params-file "/etc/redis/tls/redis.dh"
tls-ca-cert-file "/etc/redis/tls/ca.crt"
tls-ca-cert-dir "/etc/ssl/certs"
tls-auth-clients no
tls-replication yes
tls-cluster yes
#tls-protocols "TLSv1.2"
tls-protocols "TLSv1.2 TLSv1.3"
tls-ciphers DEFAULT:!MEDIUM
tls-ciphersuites "TLS_CHACHA20_POLY1305_SHA256"
tls-prefer-server-ciphers yes

Checks are flapping, with SSL errors in the Redis logs:

14203:S 02 Jul 2020 11:19:34.116 # Error accepting a client connection: error:140D9115:SSL routines:ssl_get_prev_session:session id context uninitialized (conn: fd=9)
14203:S 02 Jul 2020 11:19:40.155 # Error accepting a client connection: error:140D9115:SSL routines:ssl_get_prev_session:session id context uninitialized (conn: fd=9)

haproxy log

[WARNING] 183/112541 (8980) : Server bk_redis_master/server6 is DOWN, reason: Socket error, info: "SSL handshake failure at step 1 of tcp-check (connect)", check duration: 32ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[ALERT] 183/112541 (8980) : backend 'bk_redis_master' has no server available!
[WARNING] 183/112545 (8980) : Server bk_redis_master/server6 is UP, reason: Layer7 check passed, code: 0, info: "(tcp-check)", check duration: 121ms. 1 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.

and the master is not available. It starts working after some seconds / an HAProxy check retry.

OpenSSL> version
OpenSSL 1.1.1d  10 Sep 2019

Debian buster
