After configuring the panel, the domain does not work for me


#1

Hello, I’m new to domains and their security. After configuring the mykill.pl domain in the cloudflare panel, it is unavailable. All who can know what the problem is, please answer. I can share screenshots of settings in the panel, as someone will ask to be sure about something.


#2

It’s working for me. Sometimes DNS takes a day or two before it fully propagates.


#3

Thanks for your help, I am reminded that the error occurred through my Firefox Focus mobile browser, because when I used Opera Touch, this error did not occur anymore.


#4

I can load the site in a browser too, however I also do get TLS errors via other channels. I cant say yet whether that is TLS configuration issue or a potential (geo) problem with edge servers.

Plain OpenSSL connect

openssl s_client -connect 104.27.165.195:443
CONNECTED(00000003)
3073411392:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1399:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1539385261
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

@cloonan?


#5

Ok. I do not quite understand what you wrote, but how can I solve it so that everything works properly, as it should?


#6

:wave: @akociszewski,

What is the minimum TLS version set to on the Crypto tab in Cloudflare?

-OG


#7


#8

Try lowering the minimum TLS version.

Though I wonder, that value should be zone specific and not server specific. Would that imply the IPs change depending on that value?!


#9

That’s what you meant?


#10

:wave: it works now, I suspect previously you had it set to TLS 1.3 as the minimum, which is only supported on a small(ish) number of browsers. If your site is ecommerce, you may want TLS 1.2 as the minimum, otherwise not sure TLS 1.0 is any real risk.

https://www.ssllabs.com/ssltest/analyze.html?d=mykill.pl&s=104.27.164.195&latest

-OG


#11

Okay, so to be all right, I have to stay with the minimum TLS 1.0, and optionally 1.2 agree?


#12

This topic was automatically closed after 31 days. New replies are no longer allowed.