SSL Handshake Failed

Plain-English meaning

TLS negotiation failed before any HTTP request/response could be exchanged.

Why it happens

Client and server could not agree on TLS requirements. Typical triggers are a version or cipher mismatch, an incomplete certificate chain, the wrong certificate for the SNI host, or an mTLS policy mismatch.

Common causes

  • Client and server share no compatible TLS versions/ciphers
  • Intermediate certificate missing in served chain
  • Wrong certificate served for requested SNI hostname
  • mTLS required but client certificate missing/invalid

What to check first

Inspect the handshake with openssl s_client, verify the certificate chain and SAN, and check the TLS policy on the CDN/LB/origin listeners.
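
One way to turn the openssl s_client check into a repeatable triage step, as an added example that is not part of the original page: probe captures a transcript and diagnose maps it to the causes listed above. The function names, cause labels and sample transcripts are constructed for illustration, and the client-certificate test is a heuristic.

```shell
# Added example: classify an openssl s_client transcript into the causes
# listed on this page. Labels and sample transcripts are constructed.

# probe HOST [PORT]: capture a transcript (needs network access).
probe() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        -verify_hostname "$1" </dev/null 2>&1
}

# diagnose: read a transcript on stdin, print one cause label.
diagnose() {
    out=$(cat)
    # Fatal TLS alert received from the server (numbers per RFC 8446).
    alert=$(printf '%s\n' "$out" |
        sed -n 's/.*SSL alert number \([0-9]\{1,3\}\).*/\1/p' | head -n 1)
    # Certificate verification result from the session summary.
    verify=$(printf '%s\n' "$out" |
        sed -n 's/.*Verify return code: \([0-9]\{1,3\}\) .*/\1/p' | head -n 1)
    # Heuristic: a CA-name list means the server asked for a client cert.
    wants_cert=no
    printf '%s\n' "$out" | grep -q 'Acceptable client certificate CA names' &&
        wants_cert=yes
    # Alerts win: s_client can print "Verify return code: 0 (ok)" even
    # when the handshake was aborted before any certificate was checked.
    case "$alert" in
        70) echo version-mismatch; return ;;         # protocol_version
        42|48|116) echo mtls-client-cert; return ;;  # client cert rejected or required
        40) if [ "$wants_cert" = yes ]; then echo mtls-client-cert
            else echo no-shared-version-or-cipher; fi; return ;;
    esac
    case "$verify" in
        20|21) echo incomplete-chain ;;   # issuer not found, usually a missing intermediate
        62) echo wrong-cert-for-sni ;;    # hostname mismatch
        0) echo handshake-ok ;;
        *) echo unclassified ;;
    esac
}

# Constructed transcripts, trimmed to the lines diagnose reads.
sample_cipher='error:0A000410:SSL routines::sslv3 alert handshake failure:SSL alert number 40
    Verify return code: 0 (ok)'
sample_mtls='Acceptable client certificate CA names
error:0A000410:SSL routines::sslv3 alert handshake failure:SSL alert number 40'
sample_chain='    Verify return code: 21 (unable to verify the first certificate)'
sample_sni='    Verify return code: 62 (hostname mismatch)'
for s in "$sample_cipher" "$sample_mtls" "$sample_chain" "$sample_sni"; do
    printf '%s\n' "$s" | diagnose
done
```

Against a live endpoint the two functions chain as probe HOST | diagnose; verify code 20 can also mean the client's own trust store lacks the root, so confirm the served chain before changing the server.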

How to fix it

Install the full certificate chain, align the TLS policy/ciphers, and correct the SNI or mTLS configuration so the expected certificate is presented.

Example signal

SSL handshake failed
alert handshake_failure
