ClientTLSNegotiationErrorCount indicates the number of TLS connections initiated by clients towards the load balancer that were unsuccessful. Generally, this happens when the client and load balancer could not agree on a cipher/protocol combination.
A few things are missing from the question:
- Do you have the customer ALB's FQDN?
- What client does the customer use? What SSL version and cipher suite does it use?
- Any particular error message the client saw before the ALB reset the connection?
You mention that the issue happens in a particular internal network. Are the clients the same in the external and internal networks? Does the internal network have any SSL proxy by any chance?
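One practical way to answer the "what SSL version and cipher suite does the client use?" question is to capture the client's ClientHello (e.g. with tcpdump on the client or on the suspected SSL proxy) and compare what it offers against what the listener's security policy allows. The script below is an added example, not part of the answer above and not AWS code: it parses a raw ClientHello record and reports why a listener would refuse it. The listener policy (`POLICY_VERSIONS`, `POLICY_CIPHERS`) is an illustrative assumption, not the contents of any named ELBSecurityPolicy, and the sample ClientHellos are constructed by `build_client_hello` so the script runs offline.

```python
import struct

TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304
VERSION_NAMES = {TLS10: "TLSv1.0", TLS11: "TLSv1.1", TLS12: "TLSv1.2", TLS13: "TLSv1.3"}
CIPHER_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
# Illustrative listener policy (assumption: NOT the contents of any named ELBSecurityPolicy).
POLICY_VERSIONS = {TLS12, TLS13}
POLICY_CIPHERS = {0x1301, 0x1302, 0xC02B, 0xC02F}
EXT_SNI, EXT_SUPPORTED_VERSIONS = 0, 43


def build_client_hello(versions, ciphers, legacy_version=TLS12, sni="example.com"):
    """Construct a minimal ClientHello record as sample input (random field is zeroed)."""
    body = struct.pack("!H", legacy_version) + bytes(32) + b"\x00"   # version, random, empty session id
    suites = b"".join(struct.pack("!H", c) for c in ciphers)
    body += struct.pack("!H", len(suites)) + suites + b"\x01\x00"    # suites, null compression only
    host = sni.encode()
    sni_list = b"\x00" + struct.pack("!H", len(host)) + host
    sni_data = struct.pack("!H", len(sni_list)) + sni_list
    exts = struct.pack("!HH", EXT_SNI, len(sni_data)) + sni_data
    if versions:  # supported_versions is what a TLS 1.3-capable client sends
        vers = b"".join(struct.pack("!H", v) for v in versions)
        sv_data = bytes([len(vers)]) + vers
        exts += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv_data)) + sv_data
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(data):
    """Extract offered protocol versions, cipher suites and SNI from a raw ClientHello record."""
    if data[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", data[3:5])[0]
    hs = data[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    legacy_version = struct.unpack("!H", body[0:2])[0]
    pos = 2 + 32                                   # skip random
    pos += 1 + body[pos]                           # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    ciphers = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                           # skip compression methods
    # Without supported_versions, the client is offering every version up to legacy_version.
    versions = [v for v in (TLS10, TLS11, TLS12) if v <= legacy_version]
    sni = None
    if pos < len(body):
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            edata = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == EXT_SUPPORTED_VERSIONS:
                versions = [struct.unpack("!H", edata[1 + i:3 + i])[0] for i in range(0, edata[0], 2)]
            elif etype == EXT_SNI:
                name_len = struct.unpack("!H", edata[3:5])[0]   # list len(2), type(1), name len(2)
                sni = edata[5:5 + name_len].decode("ascii", "replace")
    return {"versions": versions, "ciphers": ciphers, "sni": sni}


def explain_mismatch(hello, policy_versions=POLICY_VERSIONS, policy_ciphers=POLICY_CIPHERS):
    """Return the reasons a listener with this policy would refuse the handshake (empty = OK)."""
    reasons = []
    common_versions = [v for v in hello["versions"] if v in policy_versions]
    if not common_versions:
        reasons.append("no common protocol version: client offers %s, policy allows %s" % (
            [VERSION_NAMES.get(v, hex(v)) for v in hello["versions"]],
            sorted(VERSION_NAMES.get(v, hex(v)) for v in policy_versions)))
    # TLS 1.3 suites (0x13xx) only count if 1.3 is negotiable; older suites need a <= 1.2 version.
    usable = [c for c in hello["ciphers"] if c in policy_ciphers and (
        (TLS13 in common_versions) if c >> 8 == 0x13 else any(v < TLS13 for v in common_versions))]
    if not usable:
        reasons.append("no usable cipher suite: client offers %s" % (
            [CIPHER_NAMES.get(c, hex(c)) for c in hello["ciphers"]]))
    return reasons


if __name__ == "__main__":
    modern = parse_client_hello(build_client_hello([TLS13, TLS12], [0x1301, 0xC02F]))
    legacy = parse_client_hello(build_client_hello([], [0x002F, 0x000A], legacy_version=TLS10))
    for name, hello in (("modern client", modern), ("legacy client", legacy)):
        print(name, hello, explain_mismatch(hello) or "would negotiate")
```

To use it on a real capture, feed `parse_client_hello` the TCP payload of the first client-to-ALB packet after the handshake (the record that starts with `16 03 01`), and replace the illustrative policy sets with the versions and suites of the listener's actual security policy. A client that only reaches the ALB through an internal SSL proxy will show the proxy's ClientHello, not its own, which is exactly the case the answer above asks about.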