Only websocket says "error 525 - SSL handshake failed"

ssl

#1

Hello guys,
I’ve been weeks trying to find the problem in question.
I inserted the ssl certificate from cloudflare on my site, and it can enter as secure, but when I go to the websocket page, error 525 appears.
I can not really solve it, and I need this to open my project :c
I use nginx system, with ubuntu operating system, websocket is on port 8443,

If I take the ssl certificate installed from my VPS, and disable https, the websocket works perfectly.
Now when I install the origin ssl certificate from cloudflare in my vps, and the websocket can not sign in with https.
I tested with a non-cloudflare certificate, and the following error appears: https://i.imgur.com/7CMVcZu.jpg

Recalling that it’s just in the websocket (https://domain.com:8443)

The start part of my websocket is as follows:https://i.imgur.com/TeOi5iT.png

The port is listed further at the end of the file, in 8443. I need help for this, the cloudflare support does not exactly tell me the reason for the problem, not to mention they are very time consuming to respond.


#2

curl -Ikv https://your.server.ip:8443 results in an SSL handshake error, so the issue is somewhere on the server. Try adding the certificate to your trusted key store perhaps to see if that helps.


#3

Thanks for your response cscharff,
But I installed the origin ssl certificate in my VPS in the nginx settings, until I saw the tutorial that cloudflare has and I did everything right, the nginx log does not give any error in relation to the certificate.
My server ip is: [redacted]
What do you mean with “try adding the certificate to your trusted key store perhaps to see if that helps”?


#4

I was testing against your IP before to bypass Cloudflare completely and the command above also allows certificates but I was still unable to initiate an SSL handshake on 8443, though the same certificate works just fine on 443.

  • ALPN, offering h2
  • ALPN, offering http/1.1
  • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  • successfully set certificate verify locations:
  • CAfile: /usr/local/etc/openssl/cert.pem
    CApath: /usr/local/etc/openssl/certs
  • TLSv1.2 (OUT), TLS header, Certificate Status (22):
  • TLSv1.2 (OUT), TLS handshake, Client hello (1):
  • Unknown SSL protocol error in connection to [ip address]

So the certificate appears to be fine since it works on 443 and since the error occurs when going direct to origin as well it doesn’t appear to be a Cloudflare error rather a server config one.

Exact steps would depend on the OS. Something like https://www.digicert.com/move-certificate-to-another-certificate-store.htm or https://github.com/curl/curl/issues/1331 perhaps. Not sure it will work, but it is a local server issue.


#5

I understand that it is a bad configuration on the server or websocket, because I have a person who has the same system as mine, has ubuntu operating system and uses nginx, and was able to connect in cloudflare with the websocket in secure. I tried to add it to explain how it did, but it did not accept me, I already looked for too much and never found a solution for it


#6

This topic was automatically closed after 14 days. New replies are no longer allowed.