Detailed Description of the Problem
Fail to perform http check on master branch.
Expected Behavior
<134>Apr 5 06:56:02 haproxy[161883]: ::1:34478 [05/Apr/2026:06:56:02.531] fe1~ fe1/<NOSRV> 0/-1/-1/-1/0 200 49 - - LR-- 1/1/0/0/0 0/0 "GET /api/healthz HTTP/2.0" 0/0000000000000000/0/0/0 repo.example.com/TLSv1.3/TLS_AES_256_GCM_SHA384
<134>Apr 5 06:56:04 haproxy[161883]: ::1:35336 [05/Apr/2026:06:56:04.537] fe1~ fe1/<NOSRV> 0/-1/-1/-1/0 200 49 - - LR-- 1/1/0/0/0 0/0 "GET /api/healthz HTTP/2.0" 0/0000000000000000/0/0/1 repo.example.com/TLSv1.3/TLS_AES_256_GCM_SHA384
Steps to Reproduce the Behavior
- haproxy -f main.cfg
Do you have any idea what may have caused this?
No response
Do you have an idea how to solve the issue?
No response
What is your configuration?
# main.cfg
defaults
mode http
option httpslog
log stderr local0
timeout client 5s
timeout server 5s
timeout connect 5s
backend be1
server srv1 localhost:8443 check ssl check-alpn h2,http/1.1 check-sni repo.example.com sni str(repo.example.com) verify none
option httpchk
http-check connect default
http-check send meth GET uri /api/healthz ver HTTP/1.1 hdr host repo.example.com
http-check send-state
http-check expect status 200
frontend fe1
bind localhost:8443 ssl crt reg-tests/ssl/certs/common.pem
http-request return if { path /api/healthz }Output of haproxy -vv
HAProxy version 3.4-dev8-ca53ee-14 2026/04/04 - https://haproxy.org/
Status: development branch - not safe for use in production.
Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open
Running on: Linux 6.19.10-300.fc44.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 25 18:23:49 UTC 2026 x86_64
Build options :
TARGET = linux-glibc
CC = clang
CFLAGS = -O2 -g -fwrapv -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security
OPTIONS = USE_OPENSSL_AWSLC=1 USE_LUA=1 USE_QUIC=1 USE_PROMEX=1 USE_PCRE2=1 USE_PCRE2_JIT=1
DEBUG =
Feature list : -51DEGREES +ACCEPT4 +ACME +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ECH -ENGINE +EPOLL -EVPORTS +GETADDRINFO +HAVE_TCP_MD5SIG -KQUEUE +KTLS -LIBATOMIC +LIBCRYPT +LINUX_CAP +LINUX_SPLICE +LINUX_TPROXY +LUA +MATH -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL +OPENSSL_AWSLC -OPENSSL_WOLFSSL -OT -PCRE +PCRE2 +PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL +PROMEX -PTHREAD_EMULATION +QUIC -QUIC_OPENSSL_COMPAT +RT +SHM_OPEN +SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL -ZLIB
Detected feature list : +HAVE_WORKING_TCP_MD5SIG
Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with multi-threading support (MAX_TGROUPS=32, MAX_THREADS=1024, default=2).
Built with SSL library version : OpenSSL 1.1.1 (compatible; AWS-LC 1.71.0)
Running on SSL library version : AWS-LC 1.71.0
SSL library supports TLS extensions : yes
SSL library supports SNI : yes
SSL library FIPS mode : no
SSL library default verify directory : /etc/ssl/certs
SSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
QUIC: connection sock-per-conn mode support : yes
QUIC: GSO emission support : yes
Built with Lua version : Lua 5.4.8
Built with the Prometheus exporter as a service
Built with network namespace support.
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE2 version : 10.47 2025-10-21
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with clang compiler version 22.1.1 (Fedora 22.1.1-2.fc44)
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
quic : mode=HTTP side=FE|BE mux=QUIC flags=HTX|NO_UPG|FRAMED
qmux : mode=HTTP side=FE|BE mux=QMUX flags=HTX|NO_UPG
h2 : mode=HTTP side=FE|BE mux=H2 flags=HTX|HOL_RISK|NO_UPG
h1 : mode=HTTP side=FE|BE mux=H1 flags=HTX|NO_UPG
<default> : mode=HTTP side=FE|BE mux=H1 flags=HTX
fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG
spop : mode=SPOP side=BE mux=SPOP flags=HOL_RISK|NO_UPG
<default> : mode=SPOP side=BE mux=SPOP flags=HOL_RISK|NO_UPG
none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG
<default> : mode=TCP side=FE|BE mux=PASS flags=
Available services : prometheus-exporter
Available filters :
[BWLIM] bwlim-in
[BWLIM] bwlim-out
[CACHE] cache
[COMP] comp-req
[COMP] comp-res
[COMP] compression
[FCGI] fcgi-app
[SPOE] spoe
[TRACE] trace
Last Outputs and Backtraces
[NOTICE] (161871) : Automatically setting global.maxconn to 262128.
<134>Apr 5 06:52:55 haproxy[161871]: ::1:48654 [05/Apr/2026:06:52:55.818] fe1/2: SSL handshake failure (error:1000009c:SSL routines:OPENSSL_internal:HTTP_REQUEST)
[WARNING] (161871) : Server be1/srv1 is DOWN, reason: Socket error, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
<129>Apr 5 06:52:55 haproxy[161871]: Server be1/srv1 is DOWN, reason: Socket error, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[ALERT] (161871) : backend 'be1' has no server available!
<128>Apr 5 06:52:55 haproxy[161871]: backend be1 has no server available!
<134>Apr 5 06:52:57 haproxy[161871]: ::1:48658 [05/Apr/2026:06:52:57.822] fe1/1: SSL handshake failure (error:1000009c:SSL routines:OPENSSL_internal:HTTP_REQUEST)
Additional Information
No response
Detailed Description of the Problem
Fail to perform http check on master branch.
Expected Behavior
Steps to Reproduce the Behavior
Do you have any idea what may have caused this?
No response
Do you have an idea how to solve the issue?
No response
What is your configuration?
Output of
haproxy -vvLast Outputs and Backtraces
Additional Information
No response