Hello, I am having trouble setting up https for a subdomain. The server is using HAProxy as a reverse proxy with a self signed certificate and sslv3 explicitly disabled. My CF SSL encryption mode is set to full. When I try to connect via curl, the following error occurs:
curl -v https://enigma-api.staging.ieeevit.org * Rebuilt URL to: https://enigma-api.staging.ieeevit.org/ * Trying 22.214.171.124... * TCP_NODELAY set * Connected to enigma-api.staging.ieeevit.org (126.96.36.199) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS alert, Server hello (2): * error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure * stopped the pause stream! * Closing connection 0 curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Chrome shows a
openssl s_client -connect <SERVER-IP> and the output seemed okay to me. My CF SSL certificate is active.
Any idea what might be going wrong?