Sslv3 alert bad record mac on 0.1% of the checks on three of four domains running on Cloudflare

Hello everyone,

We have four domains (with around 15 subdomains) running on Cloudflare using “zero trust / access” and the standard Cloudflare proxy functionality. We are using the Cloudflare SSL service for our top-level domain and subdomains. Every site is configured on “strict” SSL.

In our monitoring software (and on our macOS laptops with curl tests) we see the following error on three of those domains; around 0.1% of the uptime tests are failing with this error. The other domain (exactly the same config, around the same subdomains) doesn’t have this error.

Pending: 0008894BC87F0000:error:0A0003FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 20

The error now and then results in broken services, REST API services failing, etc.

We are also monitoring other URLs and the only “other URLs” that are failing are URLs behind Cloudflare (GitLab for example).

We think we have checked every possible thing:

  • Firewall, MTU settings, etc
  • Switches
  • Network cables
  • OS updates

We are not able to find anything; we are now out of options and we could really use help in order to fix this issue.

Anybody? I’m not monitoring more domains, but the error only occurs on 3 out of 4 domains hosted at Cloudflare.

@emanova

This issue seems to be similar to the following issue:

I have exactly the same error; all the SSL options are correct, but lots of API errors because of SSL errors. Not on all domains; this really seems to be a Cloudflare issue.

@sandro

I noticed that you have moved my post from the original?

Could you elaborate and maybe help?

Because that thread is unrelated to your issue and you already have a topic.

Thanks for your reply. I think it is related since we experience the same errors, only not from a browser but from a Python package.

Just because it is the same message does not make it related.

Thanks for your substantive response @sandro!

No need to be snarky.

:+1:

Any idea what our issue could be? We have checked already lots of things but are unable to find the source of the issue…

My guess? An intermittent connection issue, either on your network or on transit.

Thank you; we were also considering that direction. However, why does it occur only on 3 out of 4 domains, all of which are configured exactly the same? Same REST API calls, same monitoring, etc.

Different domains, different PoPs, different peering. Impossible to say without more details.

However, if 0.1% of the requests to Cloudflare servers did not work, the forum would be flooded.

True… good point, however; the only domains which are popping up (gitlab.com for example) are domains which are running behind Cloudflare. *still looking for a solution :slight_smile:

Then it will be either something your network or your code does not like about Cloudflare’s SSL setup or your ISP has connectivity issues.

Again, if this was a Cloudflare issue, the forum would be flooded. There is no evidence so far that this is remotely Cloudflare related. For that reason I am afraid I’d need to refer you to StackExchange or Reddit, as debugging and server administration is beyond the scope of the forum and off-topic for here.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.
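
Added example, not code from any poster in this thread: a decoder for the OpenSSL error line quoted in the first post, plus a per-host tally of monitor results, as one way to collect the "more details" asked for above. It assumes OpenSSL 3.x error-code packing; the hostnames and monitor records are constructed placeholders.

```python
import re
from collections import Counter

# Subset of TLS alert descriptions (RFC 5246 / RFC 8446).
ALERTS = {10: "unexpected_message", 20: "bad_record_mac", 22: "record_overflow",
          40: "handshake_failure", 50: "decode_error", 51: "decrypt_error"}
SSL_AD_REASON_OFFSET = 1000  # OpenSSL: reason = 1000 + alert for alerts received from the peer

ERR_RE = re.compile(
    r"(?P<tid>[0-9A-Fa-f]+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)")

def parse_openssl_error(text):
    """Decode one OpenSSL 3.x error-queue line; None if the text holds none."""
    m = ERR_RE.search(text)
    if not m:
        return None
    code = int(m["code"], 16)
    lib, reason = (code >> 23) & 0xFF, code & 0x7FFFFF  # assumes OpenSSL 3.x packing
    alert = reason - SSL_AD_REASON_OFFSET if 1000 <= reason < 1256 else None
    return {"lib": lib, "reason": reason, "func": m["func"], "text": m["reason"],
            "alert": alert, "alert_name": ALERTS.get(alert), "from_peer": alert is not None}

def summarize(records):
    """records: (host, check_output) pairs; returns per-host check and alert counts."""
    stats = {}
    for host, output in records:
        s = stats.setdefault(host, {"checks": 0, "failed": 0, "alerts": Counter()})
        s["checks"] += 1
        err = parse_openssl_error(output)
        if err:
            s["failed"] += 1
            s["alerts"][err["alert_name"] or err["text"]] += 1
    return stats

# Error text as posted in the thread.
PAGE_ERROR = ("Pending: 0008894BC87F0000:error:0A0003FC:SSL routines:ssl3_read_bytes:"
              "sslv3 alert bad record mac:../deps/openssl/openssl/ssl/record/"
              "rec_layer_s3.c:1586:SSL alert number 20")
# Constructed monitor results; the hostnames are placeholders.
SAMPLE = [("a.example.com", "200 OK")] * 3 + [("a.example.com", PAGE_ERROR),
          ("b.example.com", "200 OK"), ("b.example.com", "200 OK")]

if __name__ == "__main__":
    print(parse_openssl_error(PAGE_ERROR))
    for host, s in summarize(SAMPLE).items():
        print(host, s["checks"], s["failed"], dict(s["alerts"]))
```

A `from_peer` alert 20 means the remote end reported a failed integrity check on a record it received from this client, so the per-host counts are most useful when recorded alongside the client's source network and the resolved edge address for each check.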