Help with ERR_SSL_VERSION_OR_CIPHER_MISMATCH on My New Setup

Asked By CuriousTechie42 On

I'm trying out a new configuration that involves multiple DNS setups. I have:
- test.domain_a.com (using Azure DNS) pointing to test.domain_b.com (which has Cloudflare Proxy) and then to nginx with Let's Encrypt on b.com.
- test.domain_c.com (using Cloudflare DNS) also pointing to test.domain_b.com (with Cloudflare Proxy) and then to nginx with Let's Encrypt on b.com as well.

To summarize, test.domain_b.com and test.domain_c.com are working fine, but when I try to access test.domain_a.com, I get an error message in my browser stating it 'uses an unsupported protocol.' The specific error I see is: ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

When I run CURL, I also receive this feedback:
- TLSv1.3 (IN), TLS alert, handshake failure (552):
- OpenSSL/3.0.13: error:0A000410:SSL routines::sslv3 alert handshake failure
- Closing connection
- curl: (35) OpenSSL/3.0.13: error:0A000410:SSL routines::sslv3 alert handshake failure.

I know this might seem like a basic question, but I'm unsure why this error is happening!

3 Answers

Answered By NetworkNinja42 On

If you have nmap available, try using this command: `nmap --script ssl-enum-ciphers -p 443 test.domain_a.com`. This command will help you check which SSL/TLS ciphers are supported by that domain, and it may reveal why you're encountering the handshake failure.

Answered By OpenSSLGuru77 On

If you're on Ubuntu, try running this command on all your DNS servers: `openssl ciphers -v`. One of the servers might have a cipher that the other doesn't support. This could explain why the connection fails when accessing from different DNS setups.

Answered By ServerSleuth98 On

It looks like one of your three sites is configured to use a version of SSL/TLS that your browser or CURL can't handle. You're mentioning getting an sslv3 alert handshake failure, which usually means your browser is trying to use an outdated protocol. SSLv3 has been obsolete for several years now, so that could be the core reason for the issue.
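One way to check whether the handshake failure depends on the hostname sent in SNI, as an added example that is not part of the original thread. `probe` and `start_rejecting_server` are hypothetical helpers, and the local server is a constructed stand-in that answers every ClientHello with a fatal handshake_failure alert so the script runs offline.

```python
import socket
import ssl
import threading

def probe(connect_host, sni, port=443, timeout=5.0):
    """Handshake with connect_host:port sending `sni`; report the outcome."""
    ctx = ssl.create_default_context()  # normal certificate verification stays on
    try:
        with socket.create_connection((connect_host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                return {"sni": sni, "ok": True,
                        "protocol": tls.version(), "cipher": tls.cipher()[0]}
    except ssl.SSLCertVerificationError as exc:
        # The handshake reached the certificate, but it is not valid for `sni`.
        return {"sni": sni, "ok": False, "reason": exc.reason,
                "detail": exc.verify_message}
    except ssl.SSLError as exc:
        # Alert 40 (handshake_failure) surfaces as SSLV3_ALERT_HANDSHAKE_FAILURE:
        # OpenSSL keeps the historical "sslv3 alert" label whatever TLS version
        # the client offered.
        return {"sni": sni, "ok": False, "reason": exc.reason, "detail": str(exc)}
    except OSError as exc:
        return {"sni": sni, "ok": False, "reason": "NETWORK", "detail": str(exc)}

# Constructed TLS record: type 0x15 (alert), version 0x0303, length 2,
# level 2 (fatal), description 40 (handshake_failure).
FATAL_HANDSHAKE_FAILURE = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28])

def start_rejecting_server():
    """Constructed local stand-in that rejects every ClientHello with alert 40."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(16384)                    # read the ClientHello
                conn.sendall(FATAL_HANDSHAKE_FAILURE)
                while conn.recv(16384):             # wait for the client to close
                    pass
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_rejecting_server()
    # Offline demo: each name is sent as SNI to the same local endpoint.
    for name in ("test.domain_a.com", "test.domain_b.com", "test.domain_c.com"):
        print(probe("127.0.0.1", name, port=port))
```

Against a real setup, call `probe` once per hostname with the same `connect_host`, so that only the SNI value changes between runs and the results can be compared directly.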
