Haproxy – possible values of req.ssl_hello_type

I’ve recently hit a snag configuring haproxy for one of my side projects, specifically I couldn’t find documentation for all the possible values of req.ssl_hello_type sample fetch.

Thankfully i’ve had help from haproxy irc channel so sharing my findings here for those in similar situation.

Possible values of haproxy req.ssl_hello_type sample fetch:

  • 0 means there was no client hello
  • 1 is a client hello
  • 2 is a server hello

This fetch is usually used to check if this is ssl/tls traffic or not.

People commonly use { req.ssl_hello_type 1 } check to direct SSL/TLS traffic to specific backed.

If you are interested in example – here’s one where we could use single port to listen to both HTTP and HTTPS and then based on above check redirect HTTP consumers to HTTPS:


Leave a Comment