I am getting TLS Negotiation Error on Public ALB.
To debug this, I sent a curl request to my public ALB using an older TLS version.
I did not get anything on ALB Access Logs.
So I checked in VPC Flow Logs. I found that all requests are accepted.
However, in the TCP Flag field, I am getting the number 6.
As per AWS Documentation https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html, there are only 4 TCP Flags:
FIN — 1
SYN — 2
RST — 4
SYN-ACK — 18
So what is TCP Flag 6 in the VPC Flow Log, and is it related to the TCP Negotiation Error?
I believe the documentation you linked has been updated since you posted this question. It now includes the following text:
TCP flags can be OR-ed during the aggregation interval. For short connections, the flags might be set on the same line in the flow log record, for example, 19 for SYN-ACK and FIN, and 3 for SYN and FIN. For an example, see TCP flag sequence.
In other words, the tcp-flags are bit masks, meaning they can be combined to create unique numbers. These combinations happen when multiple requests occur within the "aggregation interval" of the flow logs.
Therefore, a 6 is going to be a combination of 4 + 2, since two records were combined into a single, aggregated record. So you received two messages, a SYN and a RST.
For more information about the aggregation interval, check out the "Aggregation interval" section of the "Logging IP traffic using VPC Flow Logs" article.
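The bit-mask decoding described in the answer, as an added example (not code from the question, the answer or AWS): it parses a few constructed custom-format flow-log lines, splits an OR-ed tcp-flags value such as 6, 18 or 19 back into named flags, and picks out records whose flags show a SYN and an RST with no ACK. The field order in FIELDS and the sample records are assumptions of this example; the bit values for FIN, SYN, RST and ACK are the standard TCP header positions that the quoted documentation's values (1, 2, 4, 18) also follow, and PSH/URG are included on the same basis.

```python
from dataclasses import dataclass

# Standard TCP header flag bits. The AWS documentation quoted in the answer
# names FIN (1), SYN (2), RST (4) and SYN-ACK (18 = SYN | ACK); PSH, ACK and
# URG use the same bit positions, which this example assumes.
TCP_FLAG_BITS = {"FIN": 1, "SYN": 2, "RST": 4, "PSH": 8, "ACK": 16, "URG": 32}
KNOWN_MASK = sum(TCP_FLAG_BITS.values())


def decode_tcp_flags(value: int) -> list[str]:
    """Split an OR-ed tcp-flags value into its named flags, lowest bit first."""
    if value < 0:
        raise ValueError("tcp-flags must be non-negative")
    names = [name for name, bit in TCP_FLAG_BITS.items() if value & bit]
    unknown = value & ~KNOWN_MASK
    if unknown:
        # Bits outside the six we know about are reported rather than dropped.
        names.append(f"UNKNOWN(0x{unknown:x})")
    return names


@dataclass
class FlowRecord:
    srcaddr: str
    dstaddr: str
    dstport: int
    tcp_flags: int
    action: str

    def flag_names(self) -> list[str]:
        return decode_tcp_flags(self.tcp_flags)


# Assumed field order of a custom flow-log format (the field names are the
# documented ones; the order is whatever the log subscription was created with).
FIELDS = ["srcaddr", "dstaddr", "dstport", "tcp-flags", "action"]

# Constructed sample records, not real traffic.
SAMPLE_LOG = """\
203.0.113.10 10.0.1.25 443 6 ACCEPT
203.0.113.10 10.0.1.25 443 19 ACCEPT
198.51.100.7 10.0.1.25 443 2 ACCEPT
198.51.100.7 10.0.1.25 443 3 ACCEPT
"""


def parse_flow_log(text: str, fields: list[str] = FIELDS) -> list[FlowRecord]:
    """Parse whitespace-separated custom-format flow-log lines into records."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("version"):
            continue  # skip blank lines and a header line, if one is present
        parts = line.split()
        if len(parts) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(parts)}: {line!r}")
        row = dict(zip(fields, parts))
        records.append(FlowRecord(
            srcaddr=row["srcaddr"],
            dstaddr=row["dstaddr"],
            dstport=int(row["dstport"]),
            tcp_flags=int(row["tcp-flags"]),
            action=row["action"],
        ))
    return records


def syn_and_rst_without_ack(records: list[FlowRecord]) -> list[FlowRecord]:
    """Return aggregated records whose flags include SYN and RST but not ACK.

    Because the flags are OR-ed over the aggregation interval, such a record
    says that a SYN and an RST were both seen on this side of the flow in the
    same interval and no ACK was recorded on it, which is the 4 + 2 = 6 case
    the answer describes."""
    syn, rst, ack = TCP_FLAG_BITS["SYN"], TCP_FLAG_BITS["RST"], TCP_FLAG_BITS["ACK"]
    return [r for r in records
            if r.tcp_flags & syn and r.tcp_flags & rst and not r.tcp_flags & ack]


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    for rec in recs:
        print(f"{rec.srcaddr} -> {rec.dstaddr}:{rec.dstport} "
              f"tcp-flags={rec.tcp_flags} {rec.flag_names()} {rec.action}")
    print("SYN+RST without ACK:",
          [(r.srcaddr, r.tcp_flags) for r in syn_and_rst_without_ack(recs)])
```

Run it to see 6 decode to SYN and RST, 19 to FIN, SYN and ACK, and the first sample record selected as the SYN-then-reset case; for a real log, change FIELDS to the field order your flow-log subscription was created with before parsing.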