Getting strange SSL errors when connecting to Cloudflare Pages site

We see a small percentage of our users running into SSL issues when connecting to app.skiff.com which runs on Cloudflare Pages. The underlying TLS error is * error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number The really strange part is that the SSL connection goes away when they move off of wifi and onto their 4g/5g connection. This was true for an Android device connecting to the Haifa data center. This was true for an iphone and osx device connecting to San Jose data center. When the iphone switched to their cellular connection, the osx machine switched to hotspot onto their iphone, and the SSL connections disappeared dissappeared for the osx device. To confirm, there is a subset of clients who see this message for ALL connection attempts, and other clients have no issue.
$ curl https://app.skiff.com/ -v
* Trying 2606:4700:3108::ac42:2918:443...
* Connected to app.skiff.com (2606:4700:3108::ac42:2918) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
* Closing connection 0
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
$ curl https://app.skiff.com/ -v
* Trying 2606:4700:3108::ac42:2918:443...
* Connected to app.skiff.com (2606:4700:3108::ac42:2918) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
* Closing connection 0
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
We have an internal ticket # 2855049 but just wanted to raise awareness here in case anyone has seen this before. Note that we do not see any SSL issues for cloudflare proxied records like our api server (api.skiff.com).
3 Replies
cryptomania | skiff
cryptomania | skiffOP•2y ago
@Walshy | Pages if you have a second to take a look. We're getting increasing user reports from our discord where users are unable to load our app that is served through Pages
Walshy
Walshy•2y ago
👀 This one is quite outside my wheelhouse haha but I have added myself to the ticket
cryptomania | skiff
cryptomania | skiffOP•2y ago
No worries! Thank you for looking into it!
Want results from more Discord servers?
Add your server