Intermittent 525 SSL handshake failed between Cloudflare and origin for torchlite.host.
Setup:
torchlite.host / www.torchlite.host proxied by Cloudflare
SSL mode: Full (strict)
origin: 31.6.1.181
web uses a valid Cloudflare Origin CA cert for torchlite.host + *.torchlite.host
What I verified:
direct origin with preserved SNI is stable
origin serves the expected cert
direct responses are correct (200 on apex, 301 on www, 307 on dashboard route)
failed 525 requests do not appear in Nginx access.log
no matching entries in Nginx error.log
Local investigation found no origin-side cause:
no fail2ban
no UFW / iptables / nftables block on 443
no conntrack or SYN backlog issue
no local TCP resets on 443
During packet capture, for 2 of 3 failed 525 events there was no inbound SYN to 31.6.1.181:443 within about ±1s of the failure timestamp.
This makes it look like the failure happens before the request reaches the origin HTTP layer.
Anyone seen rare/intermittent 525 from Cloudflare caused by a specific edge / colo / route issue?
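Added example (not from the original post): a standalone probe that repeats the same handshake Cloudflare's edge performs under Full (strict), i.e. TCP to the origin IP, SNI preserved, chain verified against the Cloudflare Origin CA root and hostname checked, and records a UTC timestamp per attempt so any origin-side failure can be lined up against the 525 timestamps. The Origin CA PEM path is an assumption; the IP and hostname are the ones in the post.

```python
import datetime
import socket
import ssl
import time

ORIGIN_IP = "31.6.1.181"        # origin from the post
SNI_HOST = "torchlite.host"     # hostname the edge sends as SNI
# Assumed local path of the Cloudflare Origin CA root PEM. Origin CA certs are
# not in public trust stores, so verifying against this root is what Full (strict) does.
ORIGIN_CA_FILE = "/etc/ssl/certs/cloudflare_origin_ca.pem"


def tls_probe(ip, sni, port=443, cafile=None, timeout=5.0):
    """One TLS handshake to ip:port with SNI preserved and strict verification.
    Returns a dict with UTC timestamp, success flag, error text and latency."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED + hostname check
    if cafile:
        ctx.load_verify_locations(cafile=cafile)    # trust only the Origin CA root
    else:
        ctx.load_default_certs()
    result = {"ts": datetime.datetime.now(datetime.timezone.utc).isoformat(),
              "ok": False, "error": None, "ms": None, "subject": None}
    t0 = time.monotonic()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                cert = tls.getpeercert()
                result["subject"] = dict(rdn[0] for rdn in cert["subject"])
                result["ok"] = True
    except OSError as exc:      # covers socket errors, timeouts and ssl.SSLError
        result["error"] = f"{type(exc).__name__}: {exc}"
    result["ms"] = round((time.monotonic() - t0) * 1000, 1)
    return result


def probe_loop(ip, sni, count, interval_s, **kw):
    """Repeat the probe count times; returns all results for later correlation."""
    results = []
    for _ in range(count):
        results.append(tls_probe(ip, sni, **kw))
        time.sleep(interval_s)
    return results


def summarize(results):
    """Failure count, worst latency, and (timestamp, error) for each failed handshake."""
    fails = [r for r in results if not r["ok"]]
    return {"total": len(results), "failed": len(fails),
            "max_ms": max((r["ms"] for r in results), default=None),
            "failures": [(r["ts"], r["error"]) for r in fails]}


if __name__ == "__main__":
    res = probe_loop(ORIGIN_IP, SNI_HOST, count=60, interval_s=1.0, cafile=ORIGIN_CA_FILE)
    print(summarize(res))
```

If this loop stays clean across the windows in which the edge logged a 525, the failing handshakes never reached the origin, which matches the missing SYNs in the capture and points at the edge-to-origin path rather than Nginx.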