Hello, I am having trouble setting up https for a subdomain. The server is using HAProxy as a reverse proxy with a self signed certificate and sslv3 explicitly disabled. My CF SSL encryption mode is set to full. When I try to connect via curl, the following error occurs:
curl -v https://enigma-api.staging.ieeevit.org
* Rebuilt URL to: https://enigma-api.staging.ieeevit.org/
* Trying 172.67.157.165...
* TCP_NODELAY set
* Connected to enigma-api.staging.ieeevit.org (172.67.157.165) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, Server hello (2):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* stopped the pause stream!
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Chrome shows a ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
Tried running openssl s_client -connect <SERVER-IP> and the output seemed okay to me. My CF SSL certificate is active.
Any idea what might be going wrong?