Sudden 525 Error Without Changes to the Server - June 11, 2019


My sever and CF had been working without trouble for years. I just noticed this morning a 525 SSL Handshake failed (Ray ID: 4e4f8405cdbe77b8 • 2019-06-11 00:37:18 UTC). But I did not make any changes to the server or CF settings. I also checked, and my letsencrypt certificates are still active.

There are many errors such as this in the server (NGINX):
2019/06/11 00:08:52 [crit] 1628#1628: *3 SSL_do_handshake() failed (SSL: error:1414D17A:SSL routines:tls12_check_peer_sigalg:wrong curve) while SSL handshaking, client:, server:

So I don’t know what went wrong. Is it just me, or are others experiencing this as well? Can anyone kindly help?

Website in question:

Okay I really don’t know what happened on CF’s end, but since NGINX error logs is complaining about curves, I had to adjust my echd curves from:

ssl_ecdh_curve secp521r1;


ssl_ecdh_curve auto;

NGINX docs says this may use prime256v1 as a possible default among other curves.

Well, site’s back up again… But I really don’t know what changed in CF to throw that curve mismatch error. :slight_smile: