TLS handshake failure with R2 endpoint from OVH server
Hi,
I’m trying to use Cloudflare R2 (S3-compatible API) from an Ubuntu VPS hosted on OVH, and I’m running into a TLS issue when connecting to my account endpoint.
Account ID: (provided above in my dashboard)
Endpoint I’m trying to use (S3):
https://<accountid>.r2.cloudflarestorage.com
Bucket: video-assets
Issue observed
When I run:
curl -I https://<accountid>.r2.cloudflarestorage.com
I consistently get:
curl: (35) TLS connect error: error:0A000410:SSL routines::ssl/tls alert handshake failure
Using openssl s_client with proper SNI and ALPN also results in: SSL alert handshake failure.
Port 443 is reachable (tested with nc and telnet).
If I test against the generic endpoint https://r2.cloudflarestorage.com, I get a proper 301 redirect response.
The issue happens only with my account-specific endpoint (<accountid>.r2.cloudflarestorage.com).
Troubleshooting steps already tried
Disabled IPv6, forcing IPv4 only.
Edited /etc/gai.conf to prioritize IPv4.
Verified firewall rules (ufw inactive, iptables OUTPUT ACCEPT).
Tested with curl forcing --http1.1, --tlsv1.3, and --resolve with Cloudflare IPv4 addresses.
From other networks (non-OVH), the endpoint works fine and TLS handshake succeeds.
Conclusion
The problem seems to be specific to the TLS handshake between Cloudflare’s edge servers handling OVH traffic and the SNI for my R2 account endpoint.
Request
Could you please check the status of my account endpoint on your edge servers and confirm why the TLS handshake fails only from OVH?
Thanks in advance!
Best regards,
D1360
@SuperHelpflare
SOLUTION:
Already sorted, i was missing the flag (--api S3v4) after my endpoint
I’m trying to use Cloudflare R2 (S3-compatible API) from an Ubuntu VPS hosted on OVH, and I’m running into a TLS issue when connecting to my account endpoint.
Account ID: (provided above in my dashboard)
Endpoint I’m trying to use (S3):
https://<accountid>.r2.cloudflarestorage.com
Bucket: video-assets
Issue observed
When I run:
curl -I https://<accountid>.r2.cloudflarestorage.com
I consistently get:
curl: (35) TLS connect error: error:0A000410:SSL routines::ssl/tls alert handshake failure
Using openssl s_client with proper SNI and ALPN also results in: SSL alert handshake failure.
Port 443 is reachable (tested with nc and telnet).
If I test against the generic endpoint https://r2.cloudflarestorage.com, I get a proper 301 redirect response.
The issue happens only with my account-specific endpoint (<accountid>.r2.cloudflarestorage.com).
Troubleshooting steps already tried
Disabled IPv6, forcing IPv4 only.
Edited /etc/gai.conf to prioritize IPv4.
Verified firewall rules (ufw inactive, iptables OUTPUT ACCEPT).
Tested with curl forcing --http1.1, --tlsv1.3, and --resolve with Cloudflare IPv4 addresses.
From other networks (non-OVH), the endpoint works fine and TLS handshake succeeds.
Conclusion
The problem seems to be specific to the TLS handshake between Cloudflare’s edge servers handling OVH traffic and the SNI for my R2 account endpoint.
Request
Could you please check the status of my account endpoint on your edge servers and confirm why the TLS handshake fails only from OVH?
Thanks in advance!
Best regards,
D1360
@SuperHelpflare
SOLUTION:
Already sorted, i was missing the flag (--api S3v4) after my endpoint
