SSL Handshake Error - Zenstores

Hi there,

We have only just signed up for Cloudflare, and currently run a Magento Store on our server (https://www.carmats4u.com). We also have an account with Zenstores which communicates with our server via API.

If I select Test Connection on the Zenstores website it throws up the following error:

Magento returned: [Errno 1] _ssl.c:510: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Yet if I disable the proxies under DNS everything works fine.

Regards

Paul Denham

Was your site working with HTTPS before you added it to Cloudflare?

Hi,

Everything worked perfectly before.

Paul

It could just be a misleading error message. Does anything show up in the Firewall Events Log?

Is there a way to get a more detailed error message from Zenstores?

Nothing appears in the Firewall Events Log.

I have added the IP address as ALLOW in the IP Access Rules as well as Allow the API endpoint in the Firewall Rules, and also set the API Endpoint to Bypass in the Page Rules but to no avail.

I’ll see if Zenstores can help out with any other error messages etc.

Paul

Zenstores have come back to me with the following:

Hi Paul,

Thanks for getting in touch. I’m afraid this is a frequent issue we hear with Magento sites that use Cloudflare for their SSL certificates.

We have had varying results with users, but it sounds like you’ve tried most things I’m aware of already. The only other thing I can think of could be to exclude SSL from the API Endpoints. I know that’s not an ideal solution. Have you also raised this with Cloudflare themselves?

How do I exclude SSL for https://www.carmats4u.com/index.php/api/v2_soap/index/?wsdl=1

I know I can limit the IP addresses access to the API Endpoint to only those from Zenstores to make it as secure as I can.

Paul

Excluding SSL from the API endpoint sounds risky, as that traffic would be unencrypted. I wonder if Zenstores can find a way to connect directly to the origin server by adding that IP address to something like a localhosts file.

Or…maybe just figure out why they get this error. We know it’s a good certificate.

Good morning sdayman,

Just to let you know I’ve figured out a workaround for the moment. Because we have a multi-store setup with multiple domains, using a different domain name for the API End Point works at the moment. I know it’s not ideal, but I can look into this further when work allows (we’re very busy at the moment).

Paul
