Enabling Cloudflare Proxy gives "SSL_ERROR_NO_CYPHER_OVERLAP"


I followed the other threads on using a Cloudflare domain with Fly.io and it works when the proxy status is set to DNS Only. I have two Fly.io certificates generated (*.assassinsgame.cc and assassinsgame.cc), and 5 DNS entries:

  • A: * →
  • A: assassinsgame.cc →
  • AAAA: * → 2a09:8280:1::6:713e
  • AAAA: assassinsgame.cc → 2a09:8280:1::6:713e
  • CNAME: _acme-challenge → XXXX.flydns.net

I have disabled Universal SSL, and I get the same error regardless of which SSL mode I set Cloudflare to, but it is currently set to “Full”.

curl gives the error curl: (35) error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure

openssl s_client -connect assassinsgame.cc:443 gives the error

4338632236:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 40
4338632236:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/ssl/ssl_pkt.c:585:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 0 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
    Protocol  : TLSv1.2
    Cipher    : 0000
    Start Time: 1663750242
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)

Fixed: I had to re-enable Universal SSL; now it appears to be working.
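
Added example, not part of the original post: a small Python parser for the openssl s_client output quoted above that reports how far the handshake got before it failed. The function names, result tags, the abridged failure sample and the constructed success sample are assumptions made for illustration.

```python
import re

# TLS alert codes (RFC 5246 section 7.2, RFC 6066); subset seen in failed handshakes.
ALERTS = {40: "handshake_failure", 70: "protocol_version", 112: "unrecognized_name"}

# Abridged from the s_client output quoted in the post (source paths trimmed).
FAILED = """\
4338632236:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:ssl_pkt.c:1200:SSL alert number 40
no peer certificate available
SSL handshake has read 7 bytes and written 0 bytes
New, (NONE), Cipher is (NONE)
"""

# Constructed sample of a successful run, for contrast (not from the post).
OK = """\
Server certificate
SSL handshake has read 2540 bytes and written 392 bytes
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
"""

def parse_s_client(text):
    """Extract the fields that show how far the handshake got."""
    alert = re.search(r"SSL alert number (\d+)", text)
    read = re.search(r"SSL handshake has read (\d+) bytes", text)
    cipher = re.search(r"Cipher is (\S+)", text)
    negotiated = cipher.group(1) if cipher and cipher.group(1) != "(NONE)" else None
    return {
        "alert": int(alert.group(1)) if alert else None,
        "alert_name": ALERTS.get(int(alert.group(1)), "unknown") if alert else None,
        "bytes_read": int(read.group(1)) if read else None,
        "peer_cert": "no peer certificate available" not in text,
        "cipher": negotiated,
    }

def diagnose(text):
    r = parse_s_client(text)
    if r["alert"] is not None and not r["peer_cert"]:
        # 7 bytes read = 5-byte record header + 2-byte alert: the endpoint answered the
        # ClientHello with an alert only, so no certificate or cipher was ever offered.
        # With the proxy enabled, that endpoint is Cloudflare's edge, not the Fly.io app.
        return "rejected_before_certificate"
    if r["peer_cert"] and r["cipher"]:
        return "handshake_ok"
    return "inconclusive"

if __name__ == "__main__":
    for name, sample in (("failed", FAILED), ("ok", OK)):
        print(name, diagnose(sample), parse_s_client(sample))
```
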