I want to set the CNAME settings as follows. but I want the SSL certificate installed on the side of the service provider to work. I have a error ERR_SSL_VERSION_OR_CIPHER_MISMATCH
I asked support once on the same issue. The origin must have the SSL certificate for the same domain you are requesting. So basically:
blog.abc.com must have an SSL certificate for blog.example.com, if you have the wrong certificate and if you have Cloudflare enabled set a Page Rule for SSL Full (not strict) on that domain or put a Cloudflare Origin Certificate, otherwise you have to install a certificate for the correct domain.
I ended up having to set SSL to Flexible to be able to do this. Once in a while, I get lucky and the origin provider can add my subdomain to a Letβs Encrypt certificate.
If the origin has a certificate, even a wrong one, it works with SSL set to Full, having it at Flexible uses HTTP for the Cloudflare <-> Origin requests.