Hi, all

I have path: request https -> nginx -> haproxy -> http application
It works fine until I add client certificate authentication on haproxy.
When I add client certificate authentication on haproxy I getting error on nginx:

2019/03/14 17:39:39 [error] 1090#0: *6254 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
alert handshake failure:SSL alert number 40) while SSL handshaking to upstream,

When I test it without nginx (https -> haproxy -> http application ) I can authenticate with a client certificate
and all work fine.

(On nginx proxy to haproxy only location /contextroot1 and location /contextroot2)

Any help or suggestions are appreciated.
Thanks!

My nginx version: 1.10.2
My nginx config:

upstream backend_www {
server 172.16.1.4:443;
}
upstream backend_lbxaproxy {
server 172.16.1.5:443;
}

server {
listen 443 ssl;
server_name www.sampledomain.com;

ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

ssl_certificate /etc/pki/tls/certs/www.sampledomain.com/sampledomain.crt;
ssl_certificate_key /etc/pki/tls/certs/www.sampledomain.com/sampledomain.key;

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/pki/tls/certs/www.eskok.pl/CA_root.crt;


ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h;
ssl_dhparam /etc/pki/tls/certs/dhparam.pem;

location / {
proxy_pass https://backend_www;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for;
}
location /contextroot1 {
proxy_pass https://backend_lbxaproxy/contextroot1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for;
}
location /contextroot2 {
proxy_pass https://backend_lbxaproxy/contextroot2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for;
}

}