I need to use ALPN in order to configure HAProxy for HTTP/2 support. After configuring HAProxy I tried to restart but it failed. Even upgrading openssl to 1.0.2 did not help. Wikipedia states tat ALPN is supported since 1.0.2. The system I am running is Ubunut 14.04. LTS
Those are the error messages:
[ALERT] 364/162959 (3104) : parsing [/etc/haproxy/haproxy.cfg:137] : 'bind 192.143.56.150:443' : 'alpn' : library does not support TLS ALPN extension
[ALERT] 364/162959 (3104) : parsing [/etc/haproxy/haproxy.cfg:142] : error detected while parsing switching rule : unknown fetch method 'ssl_fc_alpn' in ACL expression 'ssl_fc_alpn'.
[ALERT] 364/162959 (3104) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
* Restarting haproxy haproxy [fail]
$ openssl version -v
OpenSSL 1.0.2j 26 Sep 2016
$ haproxy -vv | grep -i openssl
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
I have the impression as HAProxy was built with the old openssl lib and I need to rebuild. Is this correct? If yes, what would be the best way doing this. Not sure if this is a ubuntu package or self compiled.
Best Answer
Maybe this link Compile HAProxy from source on Ubuntu would be useful to you.