Description:
I am working on a mobile application where the client (mobile) sends a request to generate a token through the cellular network to a 5G Core network. The 5G Core adds the mobile number (MSISDN) in the Client Hello message extension before sending it to HAProxy. The request from the mobile app is successfully received by the server, including the mobile number in the Client Hello message.
Here’s the sequence of events:
- The server receives the Client Hello message with the mobile number in the extension.
- The server sends a Hello message and a certificate to the client.
- The mobile client sends the client key to the HAProxy server (through the 5GC).
At this point, HAProxy throws an error: SSL Handshake Error with the following message in the PCAP: Level: 2 Fatal Description: BAD RECORD MAC
Troubleshooting Steps Taken:
- I tried the same configuration with Nginx but faced the same error.
- I changed the SSL certificate, but the error persists.
- If I disable the 5G Core task (which adds the MSISDN in the Client Hello message extension), the SSL handshake error does not occur.
- If I enable the 5G Core but do not include the MSISDN extension in the Client Hello message, the error is also avoided.
My Questions:
- What could be causing the “BAD RECORD MAC” error when the mobile number (MSISDN) is added to the Client Hello message?
- Is there any specific configuration or setting in HAProxy or SSL/TLS that could help resolve this issue?
- Why does disabling the 5G Core task prevent the SSL handshake error?
I would appreciate any insights or suggestions on how to resolve this SSL handshake error.
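Added example, not part of the original post: a Python sketch of one mechanism consistent with the sequence above, in which a ClientHello changed in transit leaves client and server with different record keys, so the server's MAC check on the first protected record fails. It assumes TLS 1.2 with the extended master secret (RFC 7627) negotiated; the handshake messages are constructed placeholder byte strings, the extension type `0xFFAA` is hypothetical, and the record MAC is simplified.

```python
import hashlib
import hmac

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF with P_SHA256 (RFC 5246, section 5)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def extension(ext_type: int, data: bytes) -> bytes:
    """Encode one extension: 2-byte type, 2-byte length, data."""
    return ext_type.to_bytes(2, "big") + len(data).to_bytes(2, "big") + data

def client_write_mac_key(pre_master: bytes, transcript: list[bytes],
                         client_random: bytes, server_random: bytes) -> bytes:
    """Derive the client-write MAC key; RFC 7627 binds it to the transcript hash."""
    session_hash = hashlib.sha256(b"".join(transcript)).digest()
    master = prf(pre_master, b"extended master secret", session_hash, 48)
    block = prf(master, b"key expansion", server_random + client_random, 64)
    return block[:32]  # first 32 bytes: client_write_MAC_key for HMAC-SHA256

def record_mac(mac_key: bytes, seq: int, record: bytes) -> bytes:
    """Simplified record MAC: HMAC over sequence number and record bytes."""
    return hmac.new(mac_key, seq.to_bytes(8, "big") + record, hashlib.sha256).digest()

# Constructed sample values (not taken from the capture in the post).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER = b"\x03\x03" + bytes(46)
EMS = extension(0x0017, b"")                       # extended_master_secret
MSISDN = extension(0xFFAA, b"msisdn-placeholder")  # hypothetical private-use type
CLIENT_HELLO_SENT = b"client_hello:" + CLIENT_RANDOM + EMS
CLIENT_HELLO_SEEN = CLIENT_HELLO_SENT + MSISDN     # after in-path insertion
REST = [b"server_hello", b"certificate", b"server_hello_done", b"client_key_exchange"]

def finished_record_verifies(hello_at_client: bytes, hello_at_server: bytes) -> bool:
    """True if the server's MAC check on the client's first protected record passes."""
    k_client = client_write_mac_key(PRE_MASTER, [hello_at_client] + REST, CLIENT_RANDOM, SERVER_RANDOM)
    k_server = client_write_mac_key(PRE_MASTER, [hello_at_server] + REST, CLIENT_RANDOM, SERVER_RANDOM)
    tag = record_mac(k_client, 0, b"finished")
    return hmac.compare_digest(tag, record_mac(k_server, 0, b"finished"))

if __name__ == "__main__":
    print("unmodified:", finished_record_verifies(CLIENT_HELLO_SENT, CLIENT_HELLO_SENT))
    print("extension inserted in transit:", finished_record_verifies(CLIENT_HELLO_SENT, CLIENT_HELLO_SEEN))
```

Comparing the ClientHello bytes captured on the handset side with those captured in front of HAProxy shows whether the two ends are hashing the same message.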