R2 with AWS SDK for Javascript got SSL Error


i try to access an R2 Bucket from Node.js with AWS S3 SDK (v3). Always getting an SSL handshake error like below:

Error: write EPROTO 8528979200:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1556:SSL alert number 40
    at WriteWrap.onWriteComplete [as oncomplete] (node:internal/stream_base_commons:94:16) {         
  errno: -100,                                                                                       
  code: 'EPROTO',                                                                                    
  syscall: 'write',                                                                                  
  '$metadata': { attempts: 1, totalRetryDelay: 0 }                                                   

If the server certificate is checked with openssl the same error appears.

# openssl s_client -connect <account_id>.r2.cloudflarestorage.com:443                                                               21:17:46
8528979200:error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure:/AppleInternal/Library/BuildRoots/810eba08-405a-11ed-86e9-6af958a02716/Library/Caches/com.apple.xbs/Sources/libressl/libre
ssl-3.3/ssl/tls13_lib.c:129:SSL alert number 40

If the server name is set, then the correct certificate is shown:

openssl s_client -connect <account_id>.r2.cloudflarestorage.com:443 -servername <accound_id>.r2.cloudflarestorage.com 
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root                       
verify return:1                                                                                      
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3                                 
verify return:1                                                                                      
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = r2.cloudflarestorage.com                                                                                                 
verify return:1                                                                                      
write W BLOCK                                                                                        
Certificate chain                                                                                    
 0 s:/C=US/ST=California/L=San Francisco/O=Cloudflare, Inc./CN=r2.cloudflarestorage.com              
   i:/C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3                                             
 1 s:/C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3                                             
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root                                    
Server certificate                                                                                   
-----BEGIN CERTIFICATE-----                                         

Does anybody know how to avoid these problem or set a server name in AWS SDK?


How are you setting up the JavaScript? I would recommend looking at the example Configure `aws-sdk-js-v3` for R2 · Cloudflare R2 docs

I followed these examples from Cloudflare R2 docs. Only difference i use AWS-SDK version 3, instead of version 2 used in Cloudflare docs (https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/welcome.html). But this shouldn’t end into the SSL error.