525 SSL Handshake Failed β
Meaning β
A Cloudflare-specific status indicating that the SSL/TLS handshake between Cloudflare and the origin server failed. This often means Cloudflare couldnβt establish a secure connection to the origin (certificate issues, protocol mismatch, etc.).
When to Use β
When the proxy fails to negotiate an SSL/TLS session with the origin server. Causes can include the origin having an invalid SSL certificate, unsupported protocol versions, or other issues in the handshake process.
Example β
Cloudflare will return a 525 SSL Handshake Failed if, for example, the origin server has an expired or self-signed certificate that Cloudflare doesnβt accept, or if the origin only supports ciphers/protocols that are not compatible with Cloudflareβs requirements.
When Not to Use β
Do not use in standard server responses. This is reported by proxies. If an origin server experiences handshake issues with a client directly, it wouldnβt send a 525; the connection would just fail. 525 is part of Cloudflareβs error set to inform the client that the proxy-to-origin SSL handshake failed.
Source β
Unofficial (Cloudflare)