SSL Handshake Error in Spectrum HTTPS Application

Thank you for your reply.

When I set 'Application type: HTTPS', it did not work and failed with an error in the SSL handshake. I would like to create another topic on this if necessary.

If I configure Spectrum with 'Application type: HTTPS', I would like to know if I can take advantage of Firewall features, including the Cloudflare Managed Ruleset.
I’m worried that the Firewall feature may only be available for origins set by DNS.

Did you mean: Error 525 SSL Handshake Error?

If I remember correctly, you should be able to do that.

Thank you for creating the ticket!

When accessing the environment configured with Spectrum (Application Type: HTTPS) with a web browser (Chrome), the following error is displayed.

When checking the communication at this time with the capture tool, Cloudflare responds to the ClientHello with the following error instead of a ServerHello.

TLSv1 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
    Content Type: Alert (21)
    Version: TLS 1.0 (0x0301)
    Length: 2
    Alert Message
        Level: Fatal (2)
        Description: Handshake Failure (40)

I tried it with the openssl command and it was the same.

# openssl s_client -connect test.mydomain:443 -msg
CONNECTED (00000003)
>>> ??? [length 0005]
    16 03 01 01 39
>>> TLS 1.3, Handshake [length 0139], ClientHello
<<< ??? [length 0005]
    15 03 01 00 02
<<< TLS 1.3, Alert [length 0002], fatal handshake_failure
    02 28

Interestingly, I was able to establish an SSL connection by resolving the name and specifying the CNAME I got with the openssl command as -servername as below.

openssl s_client -connect test.mydomain:443 -servername <CNAME> -msg

The problem has been resolved.
The cause was that the edge certificate was not registered correctly.

Thank you very much.
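
The record bytes in the `-msg` output above can be decoded by hand to confirm that the edge rejected the ClientHello with a plaintext alert before any ServerHello. The following is an added example, not part of the original thread; the function names are hypothetical and the input is constructed from the hex shown in the post. Note that the record-layer version (0x0301) is a legacy field and does not indicate the negotiated TLS version.

```python
import struct

# Constructed input: the record bytes shown in the thread's `openssl s_client -msg` output.
CLIENT_HELLO_HEADER = bytes.fromhex("1603010139")  # >>> header only; body is not on the page
SERVER_REPLY = bytes.fromhex("1503010002" "0228")  # <<< header + 2-byte alert body

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the RFC 8446 AlertDescription values useful for handshake triage.
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
                      42: "bad_certificate", 70: "protocol_version", 80: "internal_error",
                      112: "unrecognized_name", 120: "no_application_protocol"}


def parse_header(data):
    """Decode the 5-byte TLS record header: type, legacy version, payload length."""
    if len(data) < 5:
        raise ValueError("need 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            "version": f"0x{major:02x}{minor:02x}", "length": length}


def iter_records(stream):
    """Yield (header, payload) for each complete record in a captured byte stream."""
    offset = 0
    while offset < len(stream):
        header = parse_header(stream[offset:])
        payload = stream[offset + 5: offset + 5 + header["length"]]
        if len(payload) != header["length"]:
            raise ValueError("truncated record payload")
        yield header, payload
        offset += 5 + header["length"]


def first_server_alert(stream):
    """Return (level, description) if the first record is a plaintext alert, else None."""
    first = next(iter_records(stream), None)
    if first is None or first[0]["type"] != "alert" or len(first[1]) != 2:
        return None  # empty capture, a ServerHello, or an encrypted record
    level, desc = first[1]
    return (ALERT_LEVELS.get(level, f"unknown({level})"),
            ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"))


if __name__ == "__main__":
    print(parse_header(CLIENT_HELLO_HEADER))
    print(first_server_alert(SERVER_REPLY))
```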