
My site: https://www.notfriendly.xyz/ (disabled CloudFlare) (See CloudFlare enabled at https://host.notfriendly.xyz) is failing to connect, claiming a protocol error after enabling CloudFlare. Could someone tell me what is causing this? For the time being I disabled their reverse proxy and the protections.

My nginx ssl config is:

    https://50.16.136.91
    #ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    #ssl_ciphers        "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA25$
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
    ssl_dhparam ssl/dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; $
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

I'm unsure what's causing the error.

CloudFlare is also stuck on "authorizing certificate".

It's disabled so hopefully site will be back soon.

What can I do to make CloudFlare work with my site?

EDIT: I showed a working URL and added a test to demonstrate the error.

  • 1
    Is your Strict-Transport-Security header incorrect or is that a typo? – Barry Pollard May 08 '16 at 20:14
  • No it's correct. It turned out that CloudFlare hadn't issued an SSL Certificate yet. It was causing protocol issues. They've issued it now and the reverse-proxy re-enabled. Thanks though :) –  May 08 '16 at 20:37
  • 2
    It can't be correct if it's the same as what you posted above. It's been cut off early and has a $ instead of closing quotation. Anyway glad you got it sorted. You should post the solution as an answer and accept it in case others have the same issue (it is acceptable to answer your own questions though you probably shouldn't make a habit of it!). – Barry Pollard May 08 '16 at 20:41

1 Answer

1

If the SSL connection between your origin and CloudFlare has failed, you'd see either a 525 Handshake Failed or a 526 Invalid Certificate error.

CloudFlare 525 error page

In your case there is evidently an issue between CloudFlare and the browser. An SSL protocol error can indicate that CloudFlare hasn't issued the SSL certificates. SSL certificates are instant when using a Pro plan but can take up to 24 hours for Free users. Your domain name may be flagged for additional review before our vendors will issue a certificate if it's suspicious; you will need to contact CloudFlare Support to complete the manual review.

SSL Protocol Error in Chrome

mjsa
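
Added example, not part of the original answer or any CloudFlare tooling: a small Python probe that separates the two cases described above, a TLS failure between browser and edge (handshake never completes) versus one between edge and origin (handshake completes, HTTP status 525 or 526). The names `classify` and `probe` are hypothetical, chosen for this illustration.

```python
import http.client
import ssl

# Status codes named in the answer above: TLS failures between edge and origin.
ORIGIN_TLS_ERRORS = {525: "handshake with origin failed",
                     526: "origin certificate invalid"}


def classify(handshake_error, http_status):
    """Map a probe result onto the two cases the answer distinguishes.

    handshake_error: None if the client-side TLS handshake completed,
                     otherwise the error text.
    http_status:     status code returned over that connection, or None.
    """
    if handshake_error is not None:
        # The edge could not complete TLS for this hostname, for example
        # because no certificate has been issued for it yet.
        return "edge: TLS handshake failed (" + handshake_error + ")"
    if http_status in ORIGIN_TLS_ERRORS:
        return "origin: %d %s" % (http_status, ORIGIN_TLS_ERRORS[http_status])
    return "ok: no TLS error reported (HTTP %s)" % http_status


def probe(host, port=443, timeout=10):
    """Connect the way a browser would: SNI plus certificate verification."""
    ctx = ssl.create_default_context()
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("HEAD", "/")
        status = conn.getresponse().status
    except ssl.SSLError as exc:      # includes certificate verification errors
        return classify(str(exc), None)
    except (OSError, http.client.HTTPException) as exc:
        return "unreachable: %s" % exc
    finally:
        conn.close()
    return classify(None, status)


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <hostname> [<hostname> ...]
    for name in sys.argv[1:]:
        print(name, "->", probe(name))
```

An `edge:` result matches the browser-side protocol error in the question; an `origin:` result points back at the nginx TLS settings and certificate on the origin server.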