We have four domains (with around 15 subdomains) running on Cloudflare using “zero trust / access” and the standard Cloudflare proxy functionality. We are using the Cloudflare SSL service for our top-level domain and subdomains. Every site is configured on “strict” SSL.
In our monitoring software (and on our macOS laptops with curl tests) we see the following error on three of those domains; around 0.1% of the uptime tests are failing with this error. The other domain (exactly the same config, around the same subdomains) doesn’t have this error.
Pending: 0008894BC87F0000:error:0A0003FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 20
The error now and then results in broken services, REST API services failing, etc.
We are also monitoring other URLs, and the only “other URLs” that are failing are URLs behind Cloudflare (GitLab, for example).
We think we have checked every possible thing:
Firewall, MTU settings, etc.
We are not able to find anything. We are now out of options and we could really use help in order to fix this issue.
Then it will be either something your network or your code does not like about Cloudflare’s SSL setup or your ISP has connectivity issues.
Again, if this was a Cloudflare issue, the forum would be flooded. There is no evidence so far that this is remotely Cloudflare related. For that reason I am afraid I’d need to refer you to StackExchange or Reddit, as debugging and server administration is beyond the scope of the forum and off-topic for here.
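Added example, not part of the forum thread: a small Python decoder for the OpenSSL error line quoted in the question. It unpacks the hex code `0A0003FC` into library 20 (SSL) and reason 1020, which is OpenSSL's alert offset (1000) plus TLS alert 20, `bad_record_mac`; a reason in that range raised from `ssl3_read_bytes` means the fatal alert was received from the remote endpoint, which is the side that failed to verify a record. It assumes the OpenSSL 3.x code layout and non-system errors; the function names and the two extra sample lines are constructed for illustration.

```python
import re

# Packed error-code layout used by OpenSSL 3.x (include/openssl/err.h).
ERR_LIB_OFFSET, ERR_LIB_MASK, ERR_REASON_MASK = 23, 0xFF, 0x7FFFFF
ERR_LIB_SSL = 20
# SSL reasons above this offset mean "fatal alert N was received from the peer".
SSL_AD_REASON_OFFSET = 1000

# Subset of TLS alert descriptions (RFC 8446, section 6).
ALERT_NAMES = {10: "unexpected_message", 20: "bad_record_mac",
               40: "handshake_failure", 42: "bad_certificate",
               48: "unknown_ca", 70: "protocol_version", 80: "internal_error"}

# thread-id:error:code:library:function:reason:file:line:extra data
ERR_LINE = re.compile(
    r"(?P<tid>[0-9A-Fa-f]+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)")

def decode(text):
    """Decode one OpenSSL 3.x error-queue line; return None if none is present."""
    m = ERR_LINE.search(text)
    if m is None:
        return None
    code = int(m["code"], 16)
    lib = (code >> ERR_LIB_OFFSET) & ERR_LIB_MASK
    reason = code & ERR_REASON_MASK
    alert = None
    if lib == ERR_LIB_SSL and SSL_AD_REASON_OFFSET < reason <= SSL_AD_REASON_OFFSET + 255:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "reason": reason, "function": m["func"],
            "source": f'{m["file"]}:{m["line"]}',
            "alert": alert, "alert_name": ALERT_NAMES.get(alert),
            "alert_from_peer": alert is not None}

def count_peer_alerts(lines):
    """Tally peer-sent alerts by name across monitoring output."""
    counts = {}
    for entry in filter(None, map(decode, lines)):
        if entry["alert_from_peer"]:
            name = entry["alert_name"] or f'alert_{entry["alert"]}'
            counts[name] = counts.get(name, 0) + 1
    return counts

# First line is the error quoted in the question; the other two are constructed.
SAMPLE = [
    "Pending: 0008894BC87F0000:error:0A0003FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 20",
    "00000000DEADBEEF:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1:",
    "HTTP 200 OK in 84 ms",
]
```

Running `count_peer_alerts` over a day of monitoring output, grouped by probe location or network path, shows whether the peer-sent `bad_record_mac` alerts cluster on one route or client.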