I activated Flexible SSL on this domain and after 5 days I and my customer are getting the error SSL_ERROR_NO_CYPHER_OVERLAP. All the other hundreds of domains that I use with cloudflare works great with Flexible SSL, just this one domain is not working.

I already followed the instructions at Community Tip - Fixing SSL ERROR NO CYPHER OVERLAP in Mozilla but it didnt work after 24h.

I think there may be an issue with your SSL system because I never had this error before. I am not making any stupid mistake, I double checked everything and I still cant get the HTTPS connection to work.

Flexible should generally not be used and is famous for breaking sites, like here for example.

Switch that to Full Strict and make sure you have a valid certificate on your server as well.

You essentially have no security and no encryption on your sites right now I am afraid.

1 Like

I am aware of what flexible is. I dont need any extra protection, I dont even need SSL in this specific website. However browsers are complaining about websits not having SSL enabled.

In this case, using Flexible is a good alternative because with one click I can start using SSL. Your suggestion is way way way more complicated, I will have to issue a new certificate, install in on my server, configure it on cloudflare…

ANYWAY: if cloudflare provides this as a service (Flexible) it should work as it worked previously on all of my other domains (literally hundreds that I have in my account on cloudflare). So I ask a dev in cloudflare to take a look at this recent bug.

I see a 526 and am unable to view the site.

Are the CNAME record for those other zones proxied :orange: or are they also set to bypass cloudflare :grey: as is

I grayed out the cloud trying to solve the problem and then I made it back orange a few hours later to try to fix, but no success.

Now I have the cloud orange (traffic going inside CF) and the certificate is as Flexible. I removed the auto redirect from HTTP to HTTPS so you can test. If you access the domain (without HTTPS) you will see it works. Now try access (with HTTPS) and you will see the error below. Any idea something I can try to fix?

Secure Connection Failed

An error occurred during a connection to Cannot communicate securely with peer: no common encryption algorithm(s).


The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Learn more…

I am admittedly somewhat confused now. You wrote that you do not need SSL, but yet here we are discussing that very SSL. If you don’t need SSL, simply set the encryption mode to Off and there are no certificate issues.

You also wrote that browser complain, that is not entirely accurate, as you can generally load HTTP sites just fine. There is, however, an alert about missing encryption, that’s all.

As you know, the encryption mode you chose is a legacy one which often breaks sites. That seems to be the case here as well.

I am afraid, if you have hundreds of sites on that legacy mode you endanger every single visitor of those sites, as none of that traffic is secure.

In addition to the previous mentioned article you should also take a look at Why you should choose Full Strict, and only Full Strict.

Support here in the community is increasingly bad. Everytime I ask something here, which is clearly a bug on cloudflare end, stupid people come to defend cloudflare.

Anyway, I heard Fastly is much better and I am starting to move my domains over there.

Bom dia!

Cloudflare has only paid me ~$1M for my expertise, so take it for what it’s worth…

curl -ikv
*   Trying
* Connected to ( port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* LibreSSL/3.3.6: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure
* Closing connection 0
curl: (35) LibreSSL/3.3.6: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure

There is no valid SSL certificate on Cloudflare’s edge for the host in question. Cloudflare has a community tutorial for that error: Community Tip - Fixing SSL ERROR NO CYPHER OVERLAP in Mozilla

But, if you decide to move to Fastly all good… I own a few hundred shares there too… or check out Edgio I own several thousand shares on that platform as well.

If you actually want to solve your error vs. moving to one of my other investments…

Looking thouhg the troubleshooting steps let’s start at step 1.

All active Cloudflare domains are provided a Universal SSL certificate. If you observe SSL errors and do not have a certificate of Type Universal within the Edge Certificates tab of the Cloudflare SSL/TLS app for your domain, the Universal SSL certificate has not yet provisioned.

What does the dashboard indicate?

And this is where the conversation ends. This behaviour is neither appropriate nor acceptable nor tolerable.

And for the record, nowhere did I defend Cloudflare. If anything, I am highly critical. What I did was to kindly let you know that all your sites are insecure and you are actively deceiving your visitors.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.