Origin server sees a lot of abortive SSL connections (posting again)

Sorry for posting this again. It expired while I was waiting for the web developer to respond to my question:

The web admins are seeing a lot of abortive SSL sessions in the log. The only status code I see in analytics is 200. I don’t even know where I would look to try to figure this out.

They sent me a screenshot of some sample log messages.

The answers they provided are:

Hardware: Azure Virtual Machine

Linux Version: Red Hat Enterprise Linux release 8.2 (Ootpa)

Kernel: 4.18.0-193.41.1.el8_2.x86_64

Web server: Server version: Apache/2.4.43 (Unix)

Server built: Feb 13 2021 01:40:07

Core web application codebase: Python Pyramids

There’s not really any other software involved in the transaction between Cloudflare and our VMs…

Only port open is 443, with a whitelist to CF IP addresses.

The questions about CMS and Web Browser are … not applicable.

Maybe your Python web app client or Apache web server does not support the SNI extension for HTTPS connections (SSL certificate)?

Maybe you need to check and update the ca-certificates package and/or openssl at the host/origin server too.

May I also ask, do you have an SSL certificate properly installed for Apache at your host/origin server?
Does it cover the main domain and the needed sub-domain(s), if so?
Did you use a Cloudflare CA Origin certificate?

We do not use Cloudflare CA origin certificate. I believe they are all self-signed. I’ll need to relay the questions to the web admins for the other answers.

If so, may I also ask what SSL options have you got selected under SSL tab/page settings of Cloudflare dashboard for your domain?

Our SSL is set to full (not strict).

Always Use HTTPS: off
HSTS: not enabled
Minimum TLS Version: 1.2
Opportunistic Encryption: off
TLS 1.3: on
Automatic HTTPS Rewrites: off
Disable Universal SSL: not disabled

Client Certificates: none
Origin Certificates: none
Authenticated Origin Pulls: off

Custom Hostnames: none

Perhaps health checks? Are you experiencing an actual issue as a result of the aborted connections that you are aware of?
