Thank you for your reply.
When I set’Application type: HTTPS’, it did not work with an error in the SSL handshake. I would like to create another topic on this if necessary.
If I configure Spectrum with’application type: HTTPS’, I would like to know if I can take advantage of Firewall features, including CloudFlare Managed Ruleset.
I’m worried that the Firewall feature may only be available for origins set by DNS.
Did you mean: Error 525 SSL Handshake Error?
If I remember correctly, you should be able to do that.
Thank you for creating the ticket!
When accessing the environment configured with Spectrum (Application Type: HTTPS) with a WEB browser (chrome), the following error is displayed.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
When checking the communication at this time with the capture tool, CloudFlare responds to ClientHello with the following error instead of ServerHello.
TLSv1 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Length: 2
Alert Message
Level: Fatal (2)
Description: Handshake Failure (40)
I tried it with the openssl command and it was the same.
#openssl s_client -connect test.mydomain: 443 -msg
CONNECTED (00000003)
>>> ??? [length 0005]
16 03 01 01 39
>>> TLS 1.3, Handshake [length 0139], ClientHello
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
<<< ??? [length 0005]
15 03 01 00 02
<<< TLS 1.3, Alert [length 0002], fatal handshake_failure
02 28
Interestingly, I was able to establish an SSL connection by resolving the name and specifying the CNAME I got with the openssl command as -servername as below.
openssl s_client -connect test.mydomain: 443 -servername 123abcd.pacloudflare.com -msg
The problem has been resolved.
The cause was that the edge certificate was not registered correctly.
Thank you very much.