Hi, all. I apologize in advance, as I’m not a networking expert. On November 6th, 2019 there was some change on the CloudFlare end which caused all previously-working requests in our desktop software to fail with a network disconnected error.
Our software is built using the Xojo framework, and the error occurs when using the HttpSecureSocket class. We receive error 102. In examining packets sent via WireShark, it appears we’re getting a fatal Handshake Failure. Unfortunately, I don’t have a clear picture of what the TLS handshake looked like prior to November 6th.
While we have found a different method for downloading files which plays nicely with CloudFlare, we can only offer this for customers who update their software to our latest version. For legacy customers, we’ve had to circumvent CloudFlare entirely, which has caused a $20 CloudFlare bill to translate to $12,000 when accessing Amazon S3 directly. We tried putting up an Amazon CloudFront distribution in front of it as a stop-gap, but our Xojo framework ran into issues with that for different reasons, so it’s a no-go.
Has anyone else seen a change which occurred on or around November 6th which caused a TLS handshake failure, and do you have any recommendations for resolving it?
We currently have the weakest level of encryption enabled in the caching back-end, and allow connections back to TLSv1.0.