SSL Handshake Failed
Plain-English meaning
TLS negotiation failed before any HTTP request/response could be exchanged.
Why it happens
Client and server could not agree on TLS requirements. Version/cipher mismatch, incomplete certificate chain, wrong certificate for SNI host, or mTLS policy mismatch.
Common causes
- Client and server share no compatible TLS versions/ciphers
- Intermediate certificate missing in served chain
- Wrong certificate served for requested SNI hostname
- mTLS required but client certificate missing/invalid
What to check first
Inspect handshake with openssl s_client, verify certificate chain and SAN, and check TLS policy on CDN/LB/origin listeners.
How to fix it
Install full certificate chain, align TLS policy/ciphers, and correct SNI or mTLS configuration so the expected certificate is presented.
Example signal
SSL handshake failed alert handshake_failure
Related links
ERR_CONNECTION_REFUSED · ERR_CERT_COMMON_NAME_INVALID · Cloudflare 522 · Cloudflare 524