Resolve CloudFlare error 525: SSL handshake failure

Resolve CloudFlare error 525: SSL handshake failure

Secure socket Layers(SSL) shields information sent between a browser and a server. SSL encryption ensures that the connection between a web server and browser remains secure, so data passed back and forth will not be accessed by outside parties.

The SSL Record, Handshake, and Change-Cipher Spec protocols create a secure communication environment between clients (such as web browsers) and servers.

What's SSL/TLS Handshake?

The SSL and TLS handshake begins establishing a secure connection between two parties—in other words. It is part of the negotiation when two computers try to talk to each other on a network. The Handshake Protocol is used to initiate communication sessions. The client and server can verify each other by sending messages back and forth. Handshake protocol uses four stages to complete its circle.

Steps to solve SSL Handshake Cloudfare error 525

Step 1:
First, ensure your website has an installed certificate from SSL. To display the origin certificate, Insert the web server’s IP address in & try to replace with your domain name and host:

$ curl -svo /dev/null --connect-to :: 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"
Step 2: Ensure your hosting provider is configured to accept connections on port 443/whatever other port 106 you use.

Step 3: Verify that your origin server is configured properly for SNI 1.9k.

Step 4: Accepting the cipher Cloudflare and support offered by server originate may not be matched.

Step 5: Review the cipher suites used by your server to ensure they are compatible with those supported by Cloudflare. If you are the site owner and occasionally see errors, this may show the result that the SSL handshake has been reset by the origin that too accepted by the definition from Cloudflare and TCP.

Check with your web host to see if the site is experiencing any problems.

Step 6: Apache must configure 404 to log mod_ssl errors, and Nginx captures them in its standard error log by default. Please increase the log level if necessary.

Step 7: Next, pause Cloudflare or add an entry to your local host's file that points directly to your server IP address to test whether the server is presenting an SSL certificate.

Step 8- When you cURL to the origin on port 443, you receive an error message that begins with: "error:1408F10B".

Turn off TLS 1.3 on the Edge Certificates tab of the SSL/TLS app in your Cloudflare dashboard.

To check what TLS version is supported, use the following cURL command:

Then, replace MYORIGINIP with your Cloudflare DNS app's A record IP address from the dashboard and with your domain:

$ curl -svo /dev/null --connect-to ::MYORIGINIP 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"
Step 9: In the cURL command, you can add the below-mentioned options to test the version of TLS:


Using the steps provided, you can fix Cloudfare SSL handshake error 525. Follow the steps and use the command provided in the steps to fix this error.
First release
Last update
0.00 star(s) 0 ratings

More resources from kumkumsharma