Some machines some machines can't. SSL_ERROR_SYSCALL

Website, Application, Performance DNS & Network
1

some machines some machines can’t. SSL_ERROR_SYSCALL
I have configured the Proxy and used Origin Server SSL.

Where the first machine can run api but second machine can’t run api which both machines use different isp company.

Found that there were people having the same problem. But after that, the problem disappeared by itself for unknown reasons.

Some of the information says it’s because there is a direct connection to the Server, but here I use a set Proxied.

The first device can use the link.

lionants02@DESKTOP-7D90V9V:/mnt/c/Users/maxza$ nslookup tele-api.hii.in.th
Server:         172.30.192.1
Address:        172.30.192.1#53

Non-authoritative answer:
Name:   tele-api.hii.in.th
Address: 104.21.55.197
Name:   tele-api.hii.in.th
Address: 172.67.172.161
Name:   tele-api.hii.in.th
Address: 2606:4700:3032::6815:37c5
Name:   tele-api.hii.in.th
Address: 2606:4700:3037::ac43:aca1

lionants02@DESKTOP-7D90V9V:/mnt/c/Users/maxza$ curl -i -v https://tele-api.hii.in.th/
*   Trying 104.21.55.197:443...
* TCP_NODELAY set
* Connected to tele-api.hii.in.th (104.21.55.197) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: May 13 00:00:00 2022 GMT
*  expire date: May 13 23:59:59 2023 GMT
*  subjectAltName: host "tele-api.hii.in.th" matched cert's "*.hii.in.th"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x56310b4eb8c0)
> GET / HTTP/2
> Host: tele-api.hii.in.th
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
HTTP/2 200
< date: Tue, 03 Jan 2023 08:46:50 GMT
date: Tue, 03 Jan 2023 08:46:50 GMT
< content-type: application/json
content-type: application/json
< content-length: 212
content-length: 212
< vary: Origin
vary: Origin
< cf-cache-status: DYNAMIC
cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JJ0Bqz9dhy5X%2FlfoWnZo4z8WEq3K515iPSmg07AJNnBW93mzJVMXGS%2F9zA%2Fd1hduDrJo4oGAHc2Dtgmm7yY1hmxBYUJG5MAf7fEN4xT42Nivg08hG6i9naryyeDH1fFHlXmPI7Y%3D"}],"group":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JJ0Bqz9dhy5X%2FlfoWnZo4z8WEq3K515iPSmg07AJNnBW93mzJVMXGS%2F9zA%2Fd1hduDrJo4oGAHc2Dtgmm7yY1hmxBYUJG5MAf7fEN4xT42Nivg08hG6i9naryyeDH1fFHlXmPI7Y%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
server: cloudflare
< cf-ray: 783a775c9b8a8989-SIN
cf-ray: 783a775c9b8a8989-SIN
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

<
* Connection #0 to host tele-api.hii.in.th left intact
xxx

The second device cannot use the link.

lionants02@NB1-631-0169:~$ nslookup tele-api.hii.in.th
Server:         10.226.211.14
Address:        10.226.211.14#53

Non-authoritative answer:
Name:   tele-api.hii.in.th
Address: 104.21.55.197
Name:   tele-api.hii.in.th
Address: 172.67.172.161
Name:   tele-api.hii.in.th
Address: 2606:4700:3037::ac43:aca1
Name:   tele-api.hii.in.th
Address: 2606:4700:3032::6815:37c5

lionants02@NB1-631-0169:~$ curl -i -v https://tele-api.hii.in.th
*   Trying 172.67.172.161:443...
* TCP_NODELAY set
* Connected to tele-api.hii.in.th (172.67.172.161) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to tele-api.hii.in.th:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to tele-api.hii.in.th:443
2

I tried testing openssl further. openssl s_client -connect tele-api.hii.in.th:443 -prexit

First device.

lionants02@DESKTOP-7D90V9V:/mnt/c/Users/maxza$ openssl s_client -connect tele-api.hii.in.th:443 -prexit
CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
   i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
 1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
   i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFMTCCBNigAwIBAgIQBgYxNUui8MALdv7RxP6wHjAKBggqhkjOPQQDAjBKMQsw
CQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX
Q2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjIwNTEzMDAwMDAwWhcNMjMwNTEz
MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG
A1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEe
MBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEKvv9TQu/FvcJ8UtFhOE/Ti51xoFkf6t3hsgdvFsqoBvjh2D4Dela
v1H92cyHNNRKAutqdsRBI2abOqq5/xI0uaOCA3MwggNvMB8GA1UdIwQYMBaAFKXO
N+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBSudbpbmVMGH7OEixw6sYsQTgdg
nDA4BgNVHREEMTAvggloaWkuaW4udGiCCyouaGlpLmluLnRoghVzbmkuY2xvdWRm
bGFyZXNzbC5jb20wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
BggrBgEFBQcDAjB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2Vy
dC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3JsMDegNaAzhjFodHRwOi8vY3Js
NC5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3JsMD4GA1UdIAQ3
MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQu
Y29tL0NQUzB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
LmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2NhY2VydHMuZGlnaWNl
cnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNydDAMBgNVHRMBAf8EAjAAMIIB
fwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdwDoPtDaPvUGNTLnVyi8iWvJA9PL0RFr
7Otp4Xd9bQa9bgAAAYC7G51PAAAEAwBIMEYCIQCC+9bGb4wsShjPFH6WlEXgfJZo
kYmH+WoVzRSIEINbswIhAIWUnsf0QsE+6pyQlY8k7hxFO7f+HV0mESTRymsvPvT7
AHcANc8ZG7+xbFe/D61MbULLu7YnICZR6j/hKu+oA8M71kwAAAGAuxudWQAABAMA
SDBGAiEAz4RVQrdgnCaPTMNK6jSfDruoxGjsmH2ob2CxkEOOVPoCIQD8V6Jkg0VD
awUjFGQbTLMJNfSDuAEzPh3Un/5V1HYYiwB1ALc++yTfnE26dfI5xbpY9Gxd/ELP
ep81xJ4dCYEl7bSZAAABgLsbnVkAAAQDAEYwRAIgHjmvyldGqyi1sbncT7C+Yrh5
XcBwQYRDBvvBh6nMjv4CIHMsau5PeoIFo2FBAbJndHTEbdu8rKLgcdAtelxOP1is
MAoGCCqGSM49BAMCA0cAMEQCIDNPVrgTKN64zO90eHU1Ng7aLSD83AjAVpI78YhZ
x2KYAiAI6VgKKhD1EzDzfAfJ8fsTQwJGZ3g9GJf0TLuLlWyPwQ==
-----END CERTIFICATE-----
subject=C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com

issuer=C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2623 bytes and written 390 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

^C
lionants02@DESKTOP-7D90V9V:/mnt/c/Users/maxza$

Second device

lionants02@NB1-631-0169:~$ openssl s_client -connect tele-api.hii.in.th:443 -prexit
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 310 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 310 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
3

It seems that the ISP I am using has a domain block system. I solved the problem by changing ISP.