Tickets not showing up on MY cases and SSL 525 handshake error

What is the name of the domain?

What is the issue you’re encountering

When the DNS A record for Herotoyz.com is proxied, the site breaks with a 525 SSL handshake error. Also, even though a support ticket was made, there was no response and it was automatically closed. I cannot even see the cases on my end.

What steps have you taken to resolve the issue?

All these requirements have been updated. There is no issue on the server end. The issue comes only when the website is proxied through Cloudflare:

valid SSL certificate installed

Port 44 is open

SNI support

The cipher suites accepted by Cloudflare match the cipher suites supported by the origin web server

Very disappointed. I opened a support ticket and it was automatically closed with no response. I created a follow-up ticket, and after a while I could not even see the tickets on my end. I also made a ticket regarding the SSL handshake matter; still no response and no fix.

01280292 / 01313452 ticket now showing
01283673 / 01280285 SSL handshake error
01302866 Follow up ticket

What feature, service or problem is this related to?

I don’t know

It seems www is proxied and redirects to the apex domain at your origin, so I assume that is the same configuration as for the apex domain.

Using the apex domain through the proxy seems to work ok for me at the moment, can you try proxying it again?

curl -svo /dev/null https://herotoyz.com --connect-to ::104.26.2.79
* Connecting to hostname: 104.26.2.79
*   Trying 104.26.2.79:443...
* Connected to 104.26.2.79 (104.26.2.79) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
} [317 bytes data]
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [19 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [2531 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [80 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=herotoyz.com
*  start date: Nov 19 08:10:08 2024 GMT
*  expire date: Feb 17 08:10:07 2025 GMT
*  subjectAltName: host "herotoyz.com" matched cert's "herotoyz.com"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://herotoyz.com/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: herotoyz.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: herotoyz.com
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/2 200
< date: Fri, 20 Dec 2024 19:32:08 GMT
< content-type: text/html; charset=UTF-8
< x-powered-by: PHP/8.1.31
< last-modified: Fri, 20 Dec 2024 15:19:37 GMT
< vary: Accept-Encoding,Accept-Encoding
< cache-control: public, max-age=0
< expires: Fri, 20 Dec 2024 19:32:07 GMT
< alt-svc: h3=":443"; ma=86400
< x-turbo-charged-by: LiteSpeed
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7CE05AS3rNnXMgVK3F7UHL8jRvfV7AFQs0NX661Xa8HTSjxUnJBKZvX49mag%2F8TNytt4vWv8e4HS9KIOOwXBcQflUX8RvB7JUXOs2S%2FjrKdAEEksMtujFSkvuivKxg%3D%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< strict-transport-security: max-age=15552000; preload
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 8f520e80fbb8b355-MAN
< server-timing: cfL4;desc="?proto=TCP&rtt=0&min_rtt=0&rtt_var=0&sent=0&recv=0&lost=0&retrans=0&sent_bytes=0&recv_bytes=0&delivery_rate=0&cwnd=0&unsent_bytes=0&cid=74cc541e7f86fee7&ts=401&x=0"
<
{ [1360 bytes data]
* Connection #0 to host 104.26.2.79 left intact

I can see it's working from one machine but not from another:

curl -svo /dev/null https://herotoyz.com --connect-to ::104.26.2.79
* Connecting to hostname: 104.26.2.79
*   Trying 104.26.2.79:443...
* Connected to (nil) (104.26.2.79) port 443 (#0)

...

* Server certificate:
*  subject: CN=herotoyz.com
*  start date: Nov 19 08:10:08 2024 GMT
*  expire date: Feb 17 08:10:07 2025 GMT
*  subjectAltName: host "herotoyz.com" matched cert's "herotoyz.com"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0

...

> GET / HTTP/2
> Host: herotoyz.com
> user-agent: curl/7.81.0
> accept: */*
>

...

< HTTP/2 200
< date: Sun, 22 Dec 2024 01:56:59 GMT
< content-type: text/html; charset=UTF-8
< x-powered-by: PHP/8.1.31
< last-modified: Sun, 22 Dec 2024 01:26:10 GMT
< vary: Accept-Encoding,Accept-Encoding
< cache-control: public, max-age=0
< expires: Sun, 22 Dec 2024 01:56:59 GMT
< alt-svc: h3=":443"; ma=86400
< x-turbo-charged-by: LiteSpeed
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ib4RLb23yzhitJKbaZqAzMA0VuricIKDypzvXRMh94fNOYSckXhRq%2BIdmA%2BOcY36rRdZBN4BBtTbLR63N2tkWZEpRIbRhrwwy7lVCUnn5TVvTypY7D62Zp44yaxzlw%3D%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< strict-transport-security: max-age=15552000; preload
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 8f5c7f9b6a8d7168-DUS
< server-timing: cfL4;desc="?proto=TCP&rtt=15546&min_rtt=14312&rtt_var=3938&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3426&recv_bytes=818&delivery_rate=197897&cwnd=217&unsent_bytes=0&cid=1aebf8896d1d4eba&ts=408&x=0"

However, from another machine:

curl -svo /dev/null https://herotoyz.com --connect-to ::104.26.2.79
* Connecting to hostname: 104.26.2.79
*   Trying 104.26.2.79:443...
* Connected to 104.26.2.79 (104.26.2.79) port 443
* ALPN: curl offers h2,http/1.1

...

* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=herotoyz.com
*  start date: Nov 19 08:10:08 2024 GMT
*  expire date: Feb 17 08:10:07 2025 GMT
*  subjectAltName: host "herotoyz.com" matched cert's "herotoyz.com"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
*   Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384

...

> GET / HTTP/2
> Host: herotoyz.com
> User-Agent: curl/8.5.0
> Accept: */*
>

...

< HTTP/2 525
< date: Sun, 22 Dec 2024 01:57:18 GMT
< content-type: text/plain; charset=UTF-8
< content-length: 15
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SIQsdHjB5zjJ6%2F9pIwReJEqAVS%2BNlBM0g1Pyjdm%2FaHt5yobYGs%2Bi8cI4uhSnuoax%2BRr11iRDoXBxSR%2BY1Pc4oY%2FHej5WtdAKMKIf4LF2sFfOusKKOnNHKOeP59x3gw%3D%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< strict-transport-security: max-age=15552000; preload
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< referrer-policy: same-origin
< cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< expires: Thu, 01 Jan 1970 00:00:01 GMT
< server: cloudflare
< cf-ray: 8f5c80164efb4c78-HEL
< alt-svc: h3=":443"; ma=86400
< server-timing: cfL4;desc="?proto=TCP&rtt=1285&min_rtt=1169&rtt_var=405&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3426&recv_bytes=774&delivery_rate=2477331&cwnd=253&unsent_bytes=0&cid=9b2df9af1c6f46a9&ts=313&x=0"
<
{ [15 bytes data]
* Connection #0 to host 104.26.2.79 left intact

These results are consistent and within seconds of each other.

So my guess would be that your host has some sort of firewall that is blocking some of Cloudflare’s IP addresses.

All the Cloudflare IPs are allowed by the firewall; I am not sure how to locate the issue. The server hosting is saying that this is a Cloudflare issue.
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
2a06:98c0::/29
2c0f:f248::/32
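
The hint above (a 525 that reproduces from some Cloudflare locations, such as the HEL ray, but not from others, such as MAN and DUS, usually means the origin accepts TLS from some edge ranges and drops others) can be checked mechanically. The following is an added example, not code from any post in this thread or from Cloudflare or NameHero. It takes the published range list exactly as posted above, compares it with the allowlist as a host firewall might actually have it configured, reports any published address space the allowlist does not cover, and classifies the source IPs in a few firewall log lines. The `FIREWALL_ALLOWLIST` (with one range mistyped as /16 and one IPv6 range missing) and the log lines are constructed for the example; the origin address `198.51.100.10` is a documentation address, not the real server.

```python
"""Check a host-firewall allowlist against Cloudflare's published edge ranges
and classify source IPs seen on the origin.

Added example for this thread; not code from the thread, Cloudflare or the
host. PUBLISHED is the list posted in the thread. FIREWALL_ALLOWLIST and
SAMPLE_LOG are constructed to show how a gap shows up.
"""
import ipaddress
import re

PUBLISHED = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
]

# Constructed: looks complete at a glance, but 172.64.0.0/13 was typed as /16
# and 2a06:98c0::/29 was left out entirely.
FIREWALL_ALLOWLIST = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/16", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2c0f:f248::/32",
]

# Constructed netfilter-style log lines; SRC addresses are hypothetical.
SAMPLE_LOG = """\
Dec 22 01:56:58 origin kernel: ACCEPT IN=eth0 SRC=162.158.90.5 DST=198.51.100.10 PROTO=TCP DPT=443
Dec 22 01:57:18 origin kernel: DROP IN=eth0 SRC=172.70.42.11 DST=198.51.100.10 PROTO=TCP DPT=443
Dec 22 01:57:20 origin kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=443
"""


def parse(cidrs):
    """Turn CIDR strings into network objects (strict=False tolerates host bits)."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def uncovered(published, allowed):
    """Return the parts of each published range that no allowlist entry covers.

    CIDR blocks are either nested or disjoint, so each allowlist entry either
    swallows a remaining piece, is carved out of it, or leaves it untouched.
    """
    allowed_nets = parse(allowed)
    gaps = []
    for net in parse(published):
        remaining = [net]
        for a in allowed_nets:
            if a.version != net.version:
                continue
            next_remaining = []
            for r in remaining:
                if a.supernet_of(r):            # r fully covered: drop it
                    continue
                if r.supernet_of(a):            # a strictly inside r: subtract
                    next_remaining.extend(r.address_exclude(a))
                else:                           # disjoint: keep as is
                    next_remaining.append(r)
            remaining = next_remaining
        gaps.extend(remaining)
    gaps.sort(key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    return [str(g) for g in gaps]


def classify(ip, allowed, published=PUBLISHED):
    """Say whether a source IP is a Cloudflare edge and whether the host allows it."""
    addr = ipaddress.ip_address(ip)
    if not any(addr in n for n in parse(published)):
        return "not-cloudflare"
    if any(addr in n for n in parse(allowed)):
        return "cloudflare-allowed"
    return "cloudflare-blocked"


SRC_RE = re.compile(r"\bSRC=([0-9a-fA-F.:]+)")


def audit_log(text, allowed):
    """Map every SRC= address in firewall log text to its classification."""
    return {m.group(1): classify(m.group(1), allowed) for m in SRC_RE.finditer(text)}


if __name__ == "__main__":
    for gap in uncovered(PUBLISHED, FIREWALL_ALLOWLIST):
        print("not allowlisted:", gap)
    for src, verdict in audit_log(SAMPLE_LOG, FIREWALL_ALLOWLIST).items():
        print(f"{src:16} {verdict}")
```

Run against the real allowlist exported from the host's firewall (many panels can dump it as CIDR per line), the `uncovered` output is the list to hand to the host, and `audit_log` over the firewall or web-server log at the timestamp of a failing `cf-ray` shows which edge address was dropped. A drop of a Cloudflare address before the TLS handshake completes is exactly what the edge reports as 525, which matches the engineer's observation later in this thread that the connection was closed by the host before TLS was established.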

Someone from Cloudflare had a look and confirmed that the bad response is coming from your server/host.

Can you tell me which IP is blocked, as NameHero is saying that no IPs are blocked and all Cloudflare IPs have been allowlisted?
Can you help me pinpoint what the exact issue is?
I would have loved to get any response on my support tickets, or at least to see them on the cases tab, which I cannot at the moment.

No, I don’t have any insight into that.

Thank you for the prompt reply. Are you sure everything on Cloudflare is working correctly and there are no issues on your end?

I’m not sure of anything. I don’t work for Cloudflare and have no visibility into their internal systems.

But I've talked to an engineer who looked at it and confirmed that the connection was closed from the hosting side before an SSL connection was established. That's all I know, I'm afraid.