SSL handshake fails when origin server doesn't support 128 bit AES cipher


For testing purposes I set up my website to only allow TLS 1.3 (with all ciphers) or TLS 1.2 with the ECDHE-RSA-AES256-GCM-SHA384 cipher.

The following screenshot shows what the cipher suites look like when testing with ssllabs with cloudflare disabled:

When cloudflare is disabled I can access the site, but when enabling cloudflare I get the “525: SSL handshake failed” error.

I can of course easily solve this by adding the ECDHE-RSA-AES128-GCM-SHA256 cipher back to my site config, but it makes me wonder: doesn’t cloudflare support AES256 or TLS 1.3 in the connection to the origin, or is there something else I have to configure?

I’m using nginx 1.15.8 built with OpenSSL 1.1.1a on alpine linux 3.9.0 in case it matters.
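A quick way to confirm exactly which suites an origin accepts, so you can compare them with what an upstream proxy offers, is to probe it with `openssl s_client` one cipher at a time. The script below is an added example and is not from the original post or from Cloudflare; it assumes OpenSSL 1.1.1 or later is installed, and `origin.example.com` is a placeholder host you replace with your own.

```shell
#!/bin/sh
# Added example (not from the original post): probe which TLS 1.2 cipher suites
# and whether TLS 1.3 an origin actually accepts, using openssl s_client.
# Assumes openssl 1.1.1+; the host used in the usage line is a placeholder.

# Classify one s_client transcript (passed as a single string).
# Prints "accepted <cipher>" when a suite was negotiated, "rejected" otherwise.
classify_probe() {
    # s_client prints "New, TLSv1.2, Cipher is <name>" on success and
    # "New, (NONE), Cipher is (NONE)" when no suite could be agreed.
    cipher=$(printf '%s\n' "$1" | sed -n 's/^.*Cipher is \(.*\)$/\1/p' | head -n 1)
    case "$cipher" in
        ""|"(NONE)") echo "rejected" ;;
        *)           echo "accepted $cipher" ;;
    esac
}

# Offer exactly one TLS 1.2 suite to the origin and classify the result.
probe_tls12_cipher() {
    host=$1; port=$2; suite=$3
    out=$(openssl s_client -connect "$host:$port" -servername "$host" \
            -tls1_2 -cipher "$suite" </dev/null 2>&1)
    classify_probe "$out"
}

# Offer only TLS 1.3 (its suites are selected with -ciphersuites, not -cipher).
probe_tls13() {
    host=$1; port=$2
    out=$(openssl s_client -connect "$host:$port" -servername "$host" \
            -tls1_3 </dev/null 2>&1)
    classify_probe "$out"
}

# Run the probes an operator would want before restricting the origin's list.
probe_origin() {
    host=$1; port=${2:-443}
    echo "TLS 1.3: $(probe_tls13 "$host" "$port")"
    for s in ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 \
             ECDHE-RSA-CHACHA20-POLY1305; do
        echo "TLS 1.2 $s: $(probe_tls12_cipher "$host" "$port" "$s")"
    done
}

# Usage (placeholder host): probe_origin origin.example.com 443
```

Run `probe_origin` against the origin directly (with the proxy disabled or by pointing at the origin's IP) and the lines that come back "rejected" are the suites a proxy would also be unable to use; with the configuration described above, only the TLS 1.3 line and the AES256-GCM line should read "accepted".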

