Hi,
I'm having trouble running curl from a specific client to domains that point to Cloudflare.
The problem is intermittent and mostly the connection is being reset and sometimes it seems to work as it should.
Browsing cloudflare.com and other domains that point to cf works without any problem.
Here are some examples of curl to cloudflare.com and error codes:
PS C:\temp\curl> .\curl.exe https://cloudflare.com -v
* Trying 104.16.132.229:443...
* Connected to cloudflare.com (104.16.132.229) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: C:\temp\curl\curl-ca-bundle.crt
* CApath: none
* [CONN-0-0][CF-SSL] TLSv1.0 (OUT), TLS header, Certificate Status (22):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Client hello (1):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Certificate Status (22):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Server hello (2):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Certificate (11):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, CERT verify (15):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=cloudflare.com
* start date: Feb 7 00:00:00 2023 GMT
* expire date: May 7 23:59:59 2023 GMT
* subjectAltName: host "cloudflare.com" matched cert's "cloudflare.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: cloudflare.com]
* h2h3 [user-agent: curl/7.87.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x1d2ae3dfbc0)
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Send failure: Connection was reset
* OpenSSL SSL_write: Connection was reset, errno 10054
* Failed sending HTTP2 data
* Failed sending HTTP request
* SSL_write() error: error:0A00010F:SSL routines::bad length
* Failed sending HTTP2 data
* Connection #0 to host cloudflare.com left intact
curl: (55) Send failure: Connection was reset
PS C:\temp\curl> .\curl.exe https://cloudflare.com -v
* Trying 104.16.132.229:443...
* Connected to cloudflare.com (104.16.132.229) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: C:\temp\curl\curl-ca-bundle.crt
* CApath: none
* [CONN-0-0][CF-SSL] TLSv1.0 (OUT), TLS header, Certificate Status (22):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Client hello (1):
* Recv failure: Connection was reset
* OpenSSL SSL_connect: Connection was reset in connection to cloudflare.com:443
* Closing connection 0
* Recv failure: Connection was reset
curl: (35) Recv failure: Connection was reset
PS C:\temp\curl>
PS C:\temp\curl> .\curl.exe https://cloudflare.com -vvv
* Trying 104.16.133.229:443...
* Connected to cloudflare.com (104.16.133.229) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: C:\temp\curl\curl-ca-bundle.crt
* CApath: none
* [CONN-0-0][CF-SSL] TLSv1.0 (OUT), TLS header, Certificate Status (22):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Client hello (1):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Certificate Status (22):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Server hello (2):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Certificate (11):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, CERT verify (15):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=cloudflare.com
* start date: Feb 7 00:00:00 2023 GMT
* expire date: May 7 23:59:59 2023 GMT
* subjectAltName: host "cloudflare.com" matched cert's "cloudflare.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Send failure: Connection was reset
* OpenSSL SSL_write: Connection was reset, errno 10054
* Failed sending HTTP2 data
* SSL_write() error: error:0A00007F:SSL routines::bad write retry
* Failed sending HTTP2 data
* Connection #0 to host cloudflare.com left intact
curl: (16) Send failure: Connection was reset
PS C:\temp\curl> .\curl.exe https://cloudflare.com -v
* Trying 104.16.132.229:443...
* Connected to cloudflare.com (104.16.132.229) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: C:\temp\curl\curl-ca-bundle.crt
* CApath: none
* [CONN-0-0][CF-SSL] TLSv1.0 (OUT), TLS header, Certificate Status (22):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Client hello (1):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Certificate Status (22):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Server hello (2):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Certificate (11):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, CERT verify (15):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=cloudflare.com
* start date: Feb 7 00:00:00 2023 GMT
* expire date: May 7 23:59:59 2023 GMT
* subjectAltName: host "cloudflare.com" matched cert's "cloudflare.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: cloudflare.com]
* h2h3 [user-agent: curl/7.87.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x231ca34efa0)
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: cloudflare.com
> user-agent: curl/7.87.0
> accept: */*
>
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 301
< date: Mon, 27 Mar 2023 06:48:24 GMT
< location: https://www.cloudflare.com/
< cache-control: max-age=3600
< expires: Mon, 27 Mar 2023 07:48:24 GMT
< set-cookie: __cf_bm=RAHUX4QAaVk.cY1MnVcZy5j8nyfsse6X6aTFpCsiBTg-1679899704-0-AWe3DH9NeU8LhnEIkLTYLvW+Aq0oUfDGaWczw2ilDRmZQmLI7t+qj7EsDnFQTRKrfFUmbY6muRIp+35rx4882ek=; path=/; expires=Mon, 27-Mar-23 07:18:24 GMT; domain=.cloudflare.com; HttpOnly; Secure; SameSite=None
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ln3dwXw%2F%2BOzVHP2tNaNHvBDbAA%2BW%2F80V6BKMJWdMGluSAeRTaW8c%2BoiG2IN6QxVoTUkzknCqC5jMJBshI9dKsTglng9Kcn6PcmvDjmuDQK2jsHHlDYdQ%2B1kRKpewJYaV"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< strict-transport-security: max-age=15780000; includeSubDomains
< server: cloudflare
< cf-ray: 7ae5b0042ddc0b02-OSL
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<
* Connection #0 to host cloudflare.com left intact
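An added triage example, not part of the original post: it splits a pasted `curl -v` console session into runs and reports how far each run got before the reset, which separates the handshake-time failures (exit 35) from the post-handshake send failures (exit 55 or 16) seen above. The stage names and the abbreviated sample transcript are constructed for illustration.

```python
import re
from collections import Counter

# Constructed, abbreviated transcript modelled on the runs in the post.
SAMPLE = r"""PS C:\temp\curl> .\curl.exe https://cloudflare.com -v
* Connected to cloudflare.com (104.16.132.229) port 443 (#0)
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Client hello (1):
* Recv failure: Connection was reset
curl: (35) Recv failure: Connection was reset
PS C:\temp\curl> .\curl.exe https://cloudflare.com -v
* Connected to cloudflare.com (104.16.132.229) port 443 (#0)
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Send failure: Connection was reset
curl: (55) Send failure: Connection was reset
PS C:\temp\curl> .\curl.exe https://cloudflare.com -v
* Connected to cloudflare.com (104.16.132.229) port 443 (#0)
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
< HTTP/2 301
* Connection #0 to host cloudflare.com left intact
"""

def split_runs(text):
    """Split a console session into one chunk per curl invocation."""
    runs = re.split(r"(?m)^PS .*> .*curl.*$", text)
    return [r for r in runs if r.strip()]

def classify(run):
    """Return (stage, curl_exit_code); stage names are hypothetical labels."""
    m = re.search(r"^curl: \((\d+)\)", run, re.M)
    code = int(m.group(1)) if m else 0
    if re.search(r"^< HTTP/", run, re.M):
        stage = "ok"                    # a response status line arrived
    elif "Connected to" not in run:
        stage = "tcp_connect"           # never got a TCP connection
    elif "SSL connection using" not in run:
        stage = "tls_handshake"         # reset before TLS was established
    else:
        stage = "after_handshake_send"  # TLS up, reset while sending request
    return stage, code

def summarize(text):
    """Count runs per stage across the whole pasted session."""
    return Counter(classify(r)[0] for r in split_runs(text))

if __name__ == "__main__":
    for run in split_runs(SAMPLE):
        print(classify(run))
    print(dict(summarize(SAMPLE)))
```
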