Can't reach cdnjs, most other Cloudflare sites work intermittently

So, what the title says. cdnjs.cloudflare has been unreachable all day, while cloudflare.com, support.cloudflare, community.cloudflare and some other sites I believe use CF are available intermittently (mostly unavailable). Sites using cdnjs obviously won’t load properly. It appears the handshake works out, using TLS 1.3, and then… nothing. Error 104, connection reset by peer.

Anyone else having this problem? I’m in Sweden, ISP is Telenor (46.194.0.0 - 46.194.255.255) and I’m writing this tunneling my way via another Telenor subnet (85.226.20.0 - 85.226.21.255) where everything works.

Can you let us know what is the output of /cdn-cgi/trace?

The output from www.cloudflare.com is:

fl=65f56
h=www.cloudflare.com
ip=46.194.40.118
ts=1611925084.068
visit_scheme=https
uag=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36
colo=CPH
http=http/2
loc=SE
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off

I am unable to reach that endpoint for cdnjs.cloudflare.com (same error, connection reset), but it works in the tunneled browser.

Can you run traceroute / MTR to the endpoint for cdnjs.cloudflare.com? And we can see if there is any routing issue.

Certainly:

$ traceroute cdnjs.cloudflare.com
traceroute to cdnjs.cloudflare.com (104.16.19.94), 30 hops max, 60 byte packets
 1  _gateway (10.1.1.1)  0.947 ms  1.176 ms  1.333 ms
 2  192.168.8.1 (192.168.8.1)  3.401 ms  4.392 ms  4.325 ms
 3  * * *
 4  62.127.2.41 (62.127.2.41)  42.960 ms  41.957 ms  42.822 ms
 5  ti3153c400-ae25-0.ti.telenor.net (146.172.21.34)  58.719 ms  58.651 ms  58.583 ms
 6  ti3163c360-ae12-0.ti.telenor.net (146.172.101.222)  57.074 ms  50.606 ms  50.691 ms
 7  ti3001b400-ae3-0.ti.telenor.net (146.172.105.62)  52.614 ms  51.233 ms  52.754 ms
 8  netnod-ix-ge-b-sth-1500.cloudflare.com (194.68.128.246)  69.813 ms  66.492 ms  65.914 ms
 9  104.16.19.94 (104.16.19.94)  69.568 ms  69.482 ms  69.341 ms

And with curl:

$ curl https://cdnjs.cloudflare.com
curl: (56) OpenSSL SSL_read: Connection reset by peer, errno 104

Worth adding is cdnjs works over http. It's only when the SSL is involved things get wonky. Remembering this led me to the actual output from /cdn-cgi/trace (over http) for cdnjs, if it is of any help:

$ curl http://cdnjs.cloudflare.com/cdn-cgi/trace
fl=65f46
h=cdnjs.cloudflare.com
ip=46.194.40.118
ts=1611927947.676
visit_scheme=http
uag=curl/7.68.0
colo=CPH
http=http/1.1
loc=SE
tls=off
sni=off
warp=off
gateway=off

I was unable to replicate the same issues from the same metal

*   Trying 104.16.18.94...
* TCP_NODELAY set
* Expire in 149998 ms for 3 (transfer 0x55f608672f90)
* Expire in 200 ms for 4 (transfer 0x55f608672f90)
* Connected to cdnjs.cloudflare.com (104.16.18.94) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2233 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [78 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Oct 21 00:00:00 2020 GMT
*  expire date: Oct 20 23:59:59 2021 GMT
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x55f608672f90)
} [5 bytes data]
> GET / HTTP/2
> Host: cdnjs.cloudflare.com
> Accept: */*
> User-Agent: cf-crossbow/641-af332e5
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [238 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [238 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
} [5 bytes data]
< HTTP/2 200
< date: Sun, 31 Jan 2021 03:32:45 GMT
< content-type: text/html
< content-length: 8811
< cf-request-id: 07f819189f0000d891589a5000000001
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FAiR483QeqI1zIoJiLiexCker1G90MyySKxmvZI8YinpKi3mzQfvT6wo2Uw8I8hxnS9om5x%2FTbvD%2B78vszau6lXI1vUK4KeV8eK%2BiZYt72rc3lq3pw%3D%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"max_age":604800,"report_to":"cf-nel"}
< strict-transport-security: max-age=15780000
< server: cloudflare
< cf-ray: 61a05e0768f0d891-CPH
<
{ [898 bytes data]
* Connection #0 to host cdnjs.cloudflare.com left intact

Can you try using Postman and send a simple GET request to see if it is persistently replicated on your side?

I don’t know what you wish me to query with Postman, but this is still very much a problem, affecting:

  • Laptop - affects both leisure and work, as the work sites use cdnjs. Tested Chrome, Firefox, Librewolf, Brave, Curl, openssl s_client etc. CF HTTPS broken.
  • Smart TV - CF HTTPS broken
  • Media center - CF HTTPS broken, tested curl
  • Android phone - CF HTTPS broken, tested Chrome and Firefox
  • Android tablet - CF HTTPS broken, tested Chrome

The Steam store (store.steampowered.com) loads the text, but not much else:

GET https://cdn.cloudflare.steamstatic.com/steam/apps/256819768/movie.184x123.jpg?t=1611682033 net::ERR_CONNECTION_RESET (index):1036 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/588650/ss_ffef382d2a1ace63b82184caf3f6c5b293c66483.116x65.jpg?t=1611682054 net::ERR_CONNECTION_RESET (index):989 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/256755089/movie.184x123.jpg?t=1581426951 net::ERR_CONNECTION_RESET (index):985 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/256818190/movie.184x123.jpg?t=1610624263 net::ERR_CONNECTION_RESET (index):997 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/256774793/movie.184x123.jpg?t=1581426970 net::ERR_CONNECTION_RESET (index):993 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/256774794/movie.184x123.jpg?t=1581429615 net::ERR_CONNECTION_RESET (index):1006 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/588650/ss_21c61aca6a66745a2abb3f72b93553398fc7fe32.116x65.jpg?t=1611682054 net::ERR_CONNECTION_RESET (index):1001 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/256796085/movie.184x123.jpg?t=1597159612 net::ERR_CONNECTION_RESET (index):1021 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/588650/ss_a099416b9f3e09d47c42f87667e6ad6f394ba652.116x65.jpg?t=1611682054 net::ERR_CONNECTION_RESET (index):1018 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/588650/ss_7bde51ea6c8f6289e85ea1d8c1c941e1f8bfee91.116x65.jpg?t=1611682054 net::ERR_CONNECTION_RESET (index):1027 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/588650/ss_6f305b9603c17d31ddcbda4c73add319bf910a41.116x65.jpg?t=1611682054 net::ERR_CONNECTION_RESET (index):1046 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/256724514/movie.184x123.jpg?t=1581426984 net::ERR_CONNECTION_RESET (index):1042 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/588650/ss_b4d8d567f7bdcccc7195ca71d69f98a78575b96c.116x65.jpg?t=1611682054 net::ERR_CONNECTION_RESET (index):1 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/588650/page_bg_generated_v6b.jpg?t=1611682054 net::ERR_CONNECTION_RESET (index):1024 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/588650/ss_e87e72a247918d8493892e035d5e1b4b84470d2f.116x65.jpg?t=1611682054 net::ERR_CONNECTION_RESET (index):1033 
GET https://cdn.cloudflare.steamstatic.com/steam/apps/588650/ss_65dde6f056018945351e18f55c3481fa2478547b.116x65.jpg?t=1611682054 net::ERR_CONNECTION_RESET (index):1009 

MysteriousUniverse.org won't load at all:

This site can’t be reached
The connection was reset.
Try:

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_RESET

And with curl:

$ curl https://mysteriousuniverse.org
curl: (56) OpenSSL SSL_read: Connection reset by peer, errno 104

And with openssl:

$ openssl s_client mysteriousuniverse.org:443
CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
write:errno=104

This is not going away, making me think it is some kind of erroneous rule behind the scenes. EVERYTHING on this connection, whether connected directly to the AP or to the router, experiences the exact same issue with everything that uses CF.

Some sites work intermittently, including: cloudflare.com, prisjakt.se, getbootstrap.com

Some sites work partially, including: store.steampowered.com

Some sites haven't worked at all, including: cdnjs.cloudflare.com, mysteriousuniverse.org
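
The symptom reported in this thread (TCP connects, the TLS handshake goes through, then the peer resets) can be pinned to a stage with a small probe. This is an added example, not code from any poster; the function name `probe` and its stage labels are assumptions, and it requests the `/cdn-cgi/trace` path mentioned above.

```python
import socket
import ssl


def probe(host, port=443, server_name=None, path="/cdn-cgi/trace", timeout=5.0):
    """Return (stage, detail) for the first stage that fails, or ("ok", ...).

    Stages: tcp_connect -> tls_handshake -> http_response.
    """
    server_name = server_name or host
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    stage = "tcp_connect"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            stage = "tls_handshake"
            with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
                # Handshake done. A reset from here on matches curl's
                # "SSL_read: Connection reset by peer, errno 104".
                stage = "http_response"
                request = (f"GET {path} HTTP/1.1\r\nHost: {server_name}\r\n"
                           "Connection: close\r\n\r\n")
                tls.sendall(request.encode("ascii"))
                data = tls.recv(4096)
                if not data:
                    return stage, "peer closed without sending a response"
                status = data.split(b"\r\n", 1)[0].decode("latin-1")
                return "ok", f"{tls.version()} {status}"
    except OSError as exc:  # covers ssl.SSLError, resets, refusals, timeouts
        return stage, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    # Hostnames taken from the thread; run from the affected network and
    # from a working one, then compare the stage at which each fails.
    for name in ("www.cloudflare.com", "cdnjs.cloudflare.com"):
        print(name, probe(name))
```

If the same hostname returns `ok` from one network and stops at `tls_handshake` or `http_response` from another, the difference lies somewhere between that network and the edge rather than in the site itself.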

And like that, everything is back to normal! Don’t know if anyone here found a missing semicolon, or if the system self-healed somehow, but either way thank you for your help! :slight_smile:
