For my websites I have configured Cloudflare Origin CA certificates with Full (Strict) verification on Cloudflares end for my website and Authenticated Origin Pulls enabled.
This worked for me well, but when I upgraded my servers from Debian Stretch to Debian Buster this setup broke.
Since then I received 525 errors when I access my site.
When I disable client certificates in nginx on my origin server the websites are visible.
I get this error message in my log:
2019/07/10 13:00:16 [crit] 11996#11996: *1 SSL_do_handshake() failed (SSL: error:1414D17A:SSL routines:tls12_check_peer_sigalg:wrong curve) while SSL handshaking, client: 172.69.55.85, server: 0.0.0.0:443
Is there a known issue with the combination Cloudflare Authenticated Origin pulls and Debian Buster?