SSL Handshake Error in Spectrum HTTPS Application

Thank you for your reply.

When I set’Application type: HTTPS’, it did not work with an error in the SSL handshake. I would like to create another topic on this if necessary.

If I configure Spectrum with’application type: HTTPS’, I would like to know if I can take advantage of Firewall features, including CloudFlare Managed Ruleset.
I’m worried that the Firewall feature may only be available for origins set by DNS.

Did you mean: Error 525 SSL Handshake Error?

If I remember correctly, you should be able to do that.

Thank you for creating the ticket!

When accessing the environment configured with Spectrum (Application Type: HTTPS) with a WEB browser (chrome), the following error is displayed.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

When checking the communication at this time with the capture tool, CloudFlare responds to ClientHello with the following error instead of ServerHello.

TLSv1 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
    Content Type: Alert (21)
    Version: TLS 1.0 (0x0301)
    Length: 2
    Alert Message
        Level: Fatal (2)
        Description: Handshake Failure (40)

I tried it with the openssl command and it was the same.

#openssl s_client -connect test.mydomain: 443 -msg
CONNECTED (00000003)
>>> ??? [length 0005]
    16 03 01 01 39
>>> TLS 1.3, Handshake [length 0139], ClientHello
    XXXXXXXXXXXXXXXXXXXXXXXXXXXX
<<< ??? [length 0005]
    15 03 01 00 02
<<< TLS 1.3, Alert [length 0002], fatal handshake_failure
    02 28

Interestingly, I was able to establish an SSL connection by resolving the name and specifying the CNAME I got with the openssl command as -servername as below.

openssl s_client -connect test.mydomain: 443 -servername 123abcd.pacloudflare.com -msg

The problem has been resolved.
The cause was that the edge certificate was not registered correctly.

Thank you very much.