Foreman-proxy SSL not working on CentOS 7.5 & Foreman 1.17 & 1.18

Support
,
1

Problem:
Foreman cannot connect to a proxy with SSL enabled. When I try I get an time out. If I try to directly connect to the proxy from the master using openssl, I get nothing and connection hangs until I hit ctrl-c

$ openssl s_client -connect proxy.example.com:8443
CONNECTED(00000003)

On the proxy I get this message in the logs after hit ctrl-c on the master:
E, [2018-06-29T10:10:22.027748 ] ERROR – : OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A
/usr/share/ruby/openssl/ssl.rb:280:in `accept’

Expected outcome:
Normal connection :slight_smile:

Foreman and Proxy versions:
1.17 on the master (was 1.16)
1.17 and 1,18 on the proxy

Other relevant data:

openssl command is also used with -ssl3 & -tls1 and -tls1_1 & -tls1_2, the options -ssl3 and -tls1 give me the following output (which is expected as sslv3 and tls1 are not supported):

CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1530260581
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

OS: Fully updated CentOS 7.5
Proxy has default ruby (ruby 2.0.0p648 (2015-12-16) [x86_64-linux] ) and openssl: OpenSSL 1.0.2k-fips 26 Jan 2017
Proxy certificate is created on the foreman master via:
puppet cert generate

I tried 1.17 and 1.18RC2, reinstalled all foreman stuff, and removed all files in between attempts.
Also selinux seems not prohibiting anything as there are no messages in audit.log and with selinux in permissive mode the issue stays.
settings.yml has (effectively) the following contents:

cat settings.yml  |grep -v ^#                                                             
---
:settings_directory: /etc/foreman-proxy/settings.d
:ssl_certificate: /etc/foreman-proxy/<proxy-fqdn>.cert.pem
:ssl_ca_file: /etc/foreman-proxy/ca.pem
:ssl_private_key: /etc/foreman-proxy/<proxy-fqdn>.key.pem
:trusted_hosts:
- foreman.<domain>
2

After some debugging and ticking all the options it seems this was just a simple MTU problem. One side didn’t accept the 9000 MTU size correctly. After fixing this alls worked well.