Since Friday we have been getting the error “tls protocol error” from our load balancer health check. The servers always come back as healthy after a minute or so, but we keep getting multiple unhealthy/healthy notifications an hour. When looking at the documentation (https://developers.cloudflare.com/health-checks/health-checks-analytics/#tls-protocol-error) it says that our server has to support TLS 1.2 or greater. So I double-checked that and it seems like it does. To be sure I disabled TLS 1.1; our Apache config line now looks like this: “SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1”. At this point I’m a little lost; I can’t find any more documentation on how to resolve this problem. Is there anyone who has had this issue and knows how to resolve it?
Can you connect directly to your origin server successfully? You can test with curl --connect-to example.com:443:192.0.2.1:443 https://example.com where example.com is your domain and 192.0.2.1 is your origin server’s IP address.
If you don’t get any error when connecting directly, may I ask what version of Apache you are running? I don’t use Apache myself, but the examples I’ve been able to find all have SSLProtocol -all +TLSv1.2 +TLSv1.3. They disable all and specifically enable TLSv1.2 and TLSv1.3 instead of the other way around.
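As an added example (not part of the original posts), the direct-to-origin test above can be extended to try one handshake per TLS version, which shows whether the origin really accepts TLS 1.2 or greater as the health check documentation requires. The function names are hypothetical, and example.com and 192.0.2.1 are the same placeholders used in the curl command.

```python
import socket
import ssl
import warnings

VERSIONS = ("TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3")

def probe_tls_versions(origin_ip, hostname, port=443, timeout=5.0):
    """Try one handshake per TLS version, straight to the origin IP with SNI set."""
    results = {}
    for name in VERSIONS:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Diagnostic only: certificate checks are off so that a certificate
        # problem is not mistaken for a protocol-version problem.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with warnings.catch_warnings():
                warnings.simplefilter("ignore", DeprecationWarning)
                # Pin the handshake to exactly this version.
                ctx.minimum_version = ssl.TLSVersion[name]
                ctx.maximum_version = ssl.TLSVersion[name]
        except ValueError as exc:
            results[name] = f"client cannot offer: {exc}"
            continue
        try:
            with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                    results[name] = f"accepted ({tls.version()})"
        except OSError as exc:  # ssl.SSLError, refusals and timeouts are all OSError
            results[name] = f"failed: {type(exc).__name__}: {exc}"
    return results

def meets_tls12_requirement(results):
    """True if the origin accepted TLS 1.2 or TLS 1.3."""
    return any(results.get(v, "").startswith("accepted") for v in ("TLSv1_2", "TLSv1_3"))

if __name__ == "__main__":
    # Placeholders from the thread: replace with your domain and origin IP.
    report = probe_tls_versions("192.0.2.1", "example.com")
    for version, outcome in report.items():
        print(f"{version:8} {outcome}")
    print("TLS 1.2+ available:", meets_tls12_requirement(report))
```

A "failed" result for TLSv1 or TLSv1_1 can also come from the local OpenSSL policy refusing to offer those versions, so only the TLSv1_2 and TLSv1_3 rows are conclusive for this error.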
It looks like the issue resolved itself; we haven’t had any notifications the past 2/3 hours without changing anything. Maybe it was an issue at Cloudflare itself? Thanks for your help anyway, Albert. I will keep your suggestions in mind in case the issue resurfaces.