[Bug] TLS 1.3 issue with HAProxy

[feld]

Contact Details

No response

Version

5.8.0

Description

I am not sure if this is related to #8793 at all, but with a WolfSSL-flavored HAProxy I get this TLS error when sending requests from Erlang/Elixir:

[warning] Description: ~c"Failed to assert middlebox server message"
     Reason: [missing: {:change_cipher_spec, 1}]

[notice] TLS :client: In state :hello_middlebox_assert at ssl_gen_statem.erl:803 generated CLIENT ALERT: Fatal - Unexpected Message
 - {:unexpected_msg,
 {:internal,
  {:encrypted_extensions,
   %{
     elliptic_curves: {:supported_groups,
      [:secp521r1, :secp384r1, :secp256r1, :x25519, :ffdhe2048]}
   }}}}
{:error,
 {:tls_alert,
  {:unexpected_message,
   ~c"TLS client: In state hello_middlebox_assert at ssl_gen_statem.erl:803 generated CLIENT ALERT: Fatal - Unexpected Message\n {unexpected_msg,\n     {internal,\n         {encrypted_extensions,\n             \#{elliptic_curves =>\n                   {supported_groups,\n                       [secp521r1,secp384r1,secp256r1,x25519,ffdhe2048]}}}}}"}}}

This issue is documented upstream in Erlang as a TLS implementation bug on the server side: erlang/otp#8470

I have not tried building against WolfSSL 5.8.2 yet, but if it is believed the issue may be fixed I can do a custom build to validate as well as ensure those changes get pushed upstream in FreeBSD which is has an HAProxy variant built against WolfSSL

Reproduction steps

No response

Relevant log output

[anhu]

Hi @feld , I can't really tell if this is related to the ticket that you pointed out. I'll be helping you with this issue as well as looking into the other ticket. Can you give me step by step instructions on how to reproduce what you are seeing? Please note that I have limitted experience with HAProxy and Erlang.

Warm regards, Anthony

[anhu]

Hi,

I've successfully connected to the server with the examples/client/client and I cannot reproduce what you are seeing. I've built with both WOLFSSL_TLS13_MIDDLEBOX_COMPAT defined and undefined.

./configure 

./configure CFLAGS=-DWOLFSSL_TLS13_MIDDLEBOX_COMPAT

Both yield the same results.

$ ./examples/client/client -h eagle.mxlogin.com -p 465 -d -v 4 
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_256_GCM_SHA384
SSL curve name is SECP256R1
220 eagle.mxlogin.com ESMTP Exim 4.98.1 Tue, 02 Sep 2025 20:50:05 +0000

So, detailed steps to reproduce would be helpful.

Warm regards, Anthony

[anhu]

Hi,

Please let me know . Should I close this ticket?

[anhu]

I'm going to assume this issue has resolved itself and close it. Please re-open if I'm wrong.

[feld]

Hi, I hit this again. Sorry I missed your replies (life gets busy).

I have extracted the exact Elixir code out of the library that was hitting this issue and condensed it down to a simple test case pointed at my server running HaProxy WolfSSL

Haproxy: 3.2.11
WolfSSL: 5.8.4

#!/usr/bin/env elixir

url = "https://obj.feld.me/tailwind/v3.4.17/tailwindcss-freebsd-x64"

url = String.to_charlist(url)

{:ok, _} = Application.ensure_all_started(:inets)
{:ok, _} = Application.ensure_all_started(:ssl)

:logger.set_application_level(:ssl, :debug)

http_options =
  [
    ssl: [
      verify: :verify_peer,
      cacerts: :public_key.cacerts_get(),
      depth: 2,
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ],
      versions: [:"tlsv1.2", :"tlsv1.3"]
    ]
  ]

options = [body_format: :binary]

:httpc.request(:get, {url, []}, http_options, options)

you should get the following error:

11:00:44.996 [warning] Description: ~c"Failed to assert middlebox server message"
     Reason: [missing: {:change_cipher_spec, 1}]


11:00:45.014 [notice] TLS :client: In state :hello_middlebox_assert at ssl_gen_statem.erl:821 generated CLIENT ALERT: Fatal - Unexpected Message
 - {:unexpected_msg,
 {:internal,
  {:encrypted_extensions,
   %{
     elliptic_curves: {:supported_groups,
      [:secp521r1, :secp384r1, :secp256r1, :x25519, :ffdhe2048]}
   }}}}

edit: you might need to point to a URL you control, I'm flipping mine back and forth between OpenSSL and WolfSSL while I debug some other issues

[anhu]

Can you please send debug logs?

[feld]

I don't know if this is what you want, but I tried to set haproxy to do raw formatted output of debug logs to stdout and I only see these two lines when the error occurs:

fd[0x30] OpenSSL error[0x132] : parse error on header
10.27.3.4:27658 [12/Feb/2026:21:55:16.183] front/secure: SSL handshake failure (unknown error number)

[feld]

I have attached a pcap of what I'm seeing as well.

wolfssl.pcap.gz

[anhu]

Its too bad the error number was not disaplayed. Oh well.
I had a look at the wolfssl.pcap.gz. The clientHello advertises support for TLS 1.2 and TLS 1.3 and sends over the X25519 key share for doing key exchange.

The server replies back with a serverHello that selects TLS 1.3 and an X25519 key share for doing key exchange.

At this the server and client establish a shared secret and the rest of the communications are encrypted. I can tell that the server is likely sending over a certificate and other handshake related data, but since it is encrypted, I cannot tell what is being sent. Notably, nothing is being sent from the client.

I have a few questions (sorry, its been a while since I last worked on this ticket and I'm somewhat foggy):

• who is erroring out? Is it the server or the client?
• is wolfSSL the server or the client?
• is the server expecting something from the client? For example, is it requiring a certificate for mutual authentication?
• Can you send me all related certificates? Please DO NOT send any private keys.

Warm regards, Anthony

[feld]

1. I think the server (Haproxy/WolfSSL) is the cause of the error because of the "parse error on header" message I see with HaProxy
2. WolfSSL is server-side. The client is going to be Erlang/OTP (Elixir) with its own TLS implementation
3. Just a regular webserver, nothing special. When I point the URL to my blog behind the same Haproxy, the issue is reproduced.
4. attached

feld.me.pem.txt

[anhu]

When you build wolfSSL , please add --enable-debug to the command line and then call wolfSSL_Debugging_ON() in haproxy code somewhere. This should enable a lot of debugging messages to be output. I'm not exactly sure where HAPROXY will put the messages. They usually go to stderr.