Websocket is unstable

Since August 25th, there has been an issue with the WebSocket service. WebSocket Secure (WSS) connections have become highly unstable, often requiring multiple reconnections to establish a stable connection. Once stabilized, the service continues to function normally as long as there are no disruptions. Prior to August 25th, this service had been operating smoothly for three years.If the DNS settings are changed from “Proxied” to “DNS only” and switch to WS connections, the connection will become stable.i use pro plan on cloudflare.


We have also recently been experiencing issues with secure WebSocket connections when proxied through Cloudflare, having used them for a long time without problems. When connecting to our WS server (hosted in AWS) directly, connections work reliably. When connecting via a Cloudflare proxy, it fails about 7/10 times. Our WebSocket server is written in Python using gevent + ws4py. There is a Python tool at GitHub - hypothesis/websocket-tester: Testing tool for Hypothesis WebSocket which can be used to test the connection.

When the connection is not working, we can observe from our server logs that the client connects, we are receiving messages and sending responses, but they are not received by the client.

Cloudflare proxied endpoint: wss://h-websocket.hypothes.is/ws
Direct endpoint: wss://h-websocket-prod.eba-2dpeeum3.us-west-1.elasticbeanstalk.com/ws (use --no-ssl-verify flag when using above testing tool)

I am currently trying to create a simplified server-side environment to narrow down the problem further on our end, but in the meantime I wanted to ask if anything has recently changed in Cloudflare’s WebSocket proxying?

Update: The problem appears to have been resolved for us this morning. See Erratic WebSocket messages delivery · Issue #8183 · hypothesis/h · GitHub.

Update: After our testing, it seems to have been resolved .

We have started to see the problem re-occur, we think it started within the last couple of days. Connecting to our WebSocket endpoint in AWS directly works, connecting via the Cloudflare proxy is unreliable. See Erratic WebSocket messages delivery · Issue #8183 · hypothesis/h · GitHub for a tool to reproduce.