I'm using Redis Cluster and monitor the master via haproxy. haproxy conf:
frontend ft_redis
bind 127.0.0.1:16379
mode tcp
default_backend bk_redis_master
backend bk_redis_master
option tcp-check
tcp-check connect ssl
tcp-check send AUTH\ XXXXXXXXX\r\n ssl
tcp-check expect string +OK ssl
tcp-check send PING\r\n ssl
tcp-check expect string +PONG ssl
tcp-check send info\ replication\r\n ssl
tcp-check expect string role:master ssl
tcp-check send QUIT\r\n ssl
tcp-check expect string +OK ssl
server server4 192.168.1.100:16378 check check-ssl ssl verify none
server server5 192.168.1.101:16378 check check-ssl ssl verify none
server server6 192.168.1.102:16378 check check-ssl ssl verify none
redis.conf:
## tls
tls-port 16378
tls-cert-file "/etc/redis/tls/redis.crt"
tls-key-file "/etc/redis/tls/redis.key"
tls-dh-params-file "/etc/redis/tls/redis.dh"
tls-ca-cert-file "/etc/redis/tls/ca.crt"
tls-ca-cert-dir "/etc/ssl/certs"
tls-auth-clients no
tls-replication yes
tls-cluster yes
#tls-protocols "TLSv1.2"
tls-protocols "TLSv1.2 TLSv1.3"
tls-ciphers DEFAULT:!MEDIUM
tls-ciphersuites "TLS_CHACHA20_POLY1305_SHA256"
tls-prefer-server-ciphers yes
Checks are flapping with SSL errors in the Redis logs:
14203:S 02 Jul 2020 11:19:34.116 # Error accepting a client connection: error:140D9115:SSL routines:ssl_get_prev_session:session id context uninitialized (conn: fd=9)
14203:S 02 Jul 2020 11:19:40.155 # Error accepting a client connection: error:140D9115:SSL routines:ssl_get_prev_session:session id context uninitialized (conn: fd=9)
haproxy log:
[WARNING] 183/112541 (8980) : Server bk_redis_master/server6 is DOWN, reason: Socket error, info: "SSL handshake failure at step 1 of tcp-check (connect)", check duration: 32ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[ALERT] 183/112541 (8980) : backend 'bk_redis_master' has no server available!
[WARNING] 183/112545 (8980) : Server bk_redis_master/server6 is UP, reason: Layer7 check passed, code: 0, info: "(tcp-check)", check duration: 121ms. 1 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.
and the master is not available. It starts working again after some seconds / a haproxy check retry.
OpenSSL> version
OpenSSL 1.1.1d 10 Sep 2019
Debian buster
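The tcp-check sequence in the haproxy configuration above (AUTH, PING, INFO replication, QUIT, then look for role:master) can be reproduced as a small standalone probe, which is handy when you want to tell a TLS-layer failure like the one in the Redis log apart from a check that fails because the node is a replica or the password is wrong. The following is an added example written for this page, not code from the issue or from the Redis or haproxy projects. The function names (check_master, fake_redis, run_check, tls_check), the in-process fake Redis responder and the sample password are all constructed for the example; the responder only speaks the four commands the check uses. Unlike the posted config, which uses "verify none", tls_check builds a verifying SSL context so a probe that reaches a node with the wrong certificate fails loudly instead of silently.

```python
import socket
import ssl
import threading


def inline_cmd(*parts):
    # haproxy's "tcp-check send AUTH\ pw\r\n" sends an inline command, not RESP arrays.
    return (" ".join(parts) + "\r\n").encode()


def read_line(sock):
    # Read one CRLF-terminated line; raise if the peer closes mid-line.
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("peer closed connection")
        buf += chunk
    return buf[:-2]


def read_reply(sock):
    # Minimal RESP reader for the reply types the check sees: +simple, -error, $bulk.
    line = read_line(sock)
    kind, body = line[:1], line[1:]
    if kind == b"+":
        return body.decode()
    if kind == b"-":
        raise RuntimeError("redis error: " + body.decode())
    if kind == b"$":
        n = int(body)
        if n < 0:
            return None
        data = b""
        while len(data) < n + 2:  # payload plus trailing CRLF
            chunk = sock.recv(n + 2 - len(data))
            if not chunk:
                raise ConnectionError("peer closed during bulk reply")
            data += chunk
        return data[:n].decode()
    raise RuntimeError("unexpected reply type %r" % kind)


def parse_info(text):
    # INFO output is "key:value" lines with "# Section" headers.
    fields = {}
    for line in text.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields[key] = value
    return fields


def check_master(sock, password):
    # Same steps as the haproxy tcp-check; False on any mismatch or error reply.
    try:
        sock.sendall(inline_cmd("AUTH", password))
        if read_reply(sock) != "OK":
            return False
        sock.sendall(inline_cmd("PING"))
        if read_reply(sock) != "PONG":
            return False
        sock.sendall(inline_cmd("INFO", "replication"))
        info = parse_info(read_reply(sock) or "")
        sock.sendall(inline_cmd("QUIT"))
        read_reply(sock)
        return info.get("role") == "master"
    except (RuntimeError, ConnectionError, OSError):
        return False


def tls_check(host, port, password, cafile):
    # Real-world use: verify the server certificate against the cluster CA
    # (the equivalent of haproxy "verify required ca-file ...", not "verify none").
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port)) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return check_master(tls, password)


def fake_redis(sock, role, password):
    # Constructed responder standing in for a Redis node of the given role.
    try:
        while True:
            parts = read_line(sock).decode().split(" ", 1)
            cmd, arg = parts[0].upper(), (parts[1] if len(parts) > 1 else "")
            if cmd == "AUTH":
                sock.sendall(b"+OK\r\n" if arg == password else b"-ERR invalid password\r\n")
            elif cmd == "PING":
                sock.sendall(b"+PONG\r\n")
            elif cmd == "INFO":
                body = ("# Replication\r\nrole:%s\r\nconnected_slaves:0\r\n" % role).encode()
                sock.sendall(b"$%d\r\n%s\r\n" % (len(body), body))
            elif cmd == "QUIT":
                sock.sendall(b"+OK\r\n")
                return
    except (ConnectionError, OSError):
        pass
    finally:
        sock.close()


def run_check(role, password="XXXXXXXXX", attempt="XXXXXXXXX"):
    # Drive check_master against fake_redis over a local socketpair (no TLS, runs offline).
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_redis, args=(server, role, password))
    worker.start()
    try:
        return check_master(client, attempt)
    finally:
        client.close()
        worker.join()


if __name__ == "__main__":
    print("master node:", run_check("master"))          # True
    print("replica node:", run_check("slave"))          # False
    print("bad password:", run_check("master", attempt="wrong"))  # False
```

Run against the fake responder, only the node reporting role:master passes; a replica or a rejected AUTH fails the check in the same way haproxy would mark the server DOWN. If the probe fails at the TLS handshake before any command is sent (as in the "SSL handshake failure at step 1" line above), wrap_socket raises ssl.SSLError and the failure is on the transport, not in the Redis check sequence.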
Comment From: yossigo
@psilocibin Looks like haproxy is attempting session caching, which is potentially fixed in #7420 and planned for the next version.
Comment From: psilocibin
Thank you for the info. Looks the same.
Comment From: yossigo
@psilocibin can you please confirm if this has been resolved by latest unstable?
Comment From: psilocibin
Yes, #7420 fixed it.