SSL error

[semnell]

Hey,

we're using this project to proxy some DNS traffic for cert manager,

We're currently having an issue with some SSL errors, could you look into this?

logs:

[W] 1738324711.725271 https_client.c:353 678A: curl request failed with 0: No error
[W] 1738324711.725284 https_client.c:355 678A: curl error message: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to cloudflare-dns.com:443
[W] 1738324711.725288 https_client.c:382 678A: No response (probably connection has been closed or timed out)
[W] 1738324711.725290 https_client.c:419 678A: CURLINFO_SSL_VERIFYRESULT: Unsupported protocol

curl -v on local machine:

curl -v https://cloudflare-dns.com/dns-query
* Host cloudflare-dns.com:443 was resolved.
* IPv6: 2606:4700::6810:f9f9, 2606:4700::6810:f8f9
* IPv4: 104.16.249.249, 104.16.248.249
*   Trying 104.16.249.249:443...
* Connected to cloudflare-dns.com (104.16.249.249) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=cloudflare-dns.com
*  start date: Jan  2 00:00:00 2025 GMT
*  expire date: Jan 21 23:59:59 2026 GMT
*  subjectAltName: host "cloudflare-dns.com" matched cert's "cloudflare-dns.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://cloudflare-dns.com/dns-query
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: cloudflare-dns.com]
* [HTTP/2] [1] [:path: /dns-query]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET /dns-query HTTP/2
> Host: cloudflare-dns.com
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/2 400
< server: cloudflare
< date: Fri, 31 Jan 2025 11:59:16 GMT
< access-control-allow-origin: *
< cf-ray: 90a988debf61b8c6-AMS
<
* Connection #0 to host cloudflare-dns.com left intact

[aarond10]

Can you provide more details on the version of libcurl you're built against? And can you confirm your system time is set correctly?