mtprotoproxy
Got timeout while getting TLS handshake from MASK_HOST
When I use my own domain instead of google.com, one.one.one.one, etc., I get this handshake error. The proxy works fine, but I can't understand what's wrong. Also, when I use google.com as the mask host, I have no errors. Is it possible to use TRUE own certs?
nginx with TLS 1.3, cert by Let's Encrypt
The "got timeout" error occurs if the MASK_HOST did not answer the TLS query. You can use the tcpdump utility to see the traffic and check if the host answers. You can also try to specify an IP address in MASK_HOST; there may be some issues with DNS.
Host available via DNS and web. Can I use Let's Encrypt certs for proxy like in OpenVPN?
You can use any certs because the proxy never tries to parse them; it needs only their length.
Maybe the reason for the timeout error is in nginx's cipher suite?
Could be a firewall problem preventing acceptance of the response to the TLS query.
Port is open.
I got the same issue.
Is it because of key length? It's RSA 4096 bits here.
nmap -p 443 --script ssl-cert ezup.dev
shows the correct response on the server.
I also use SSL cert by Let's Encrypt, but changed key length to 4096 to be more secure.
I have custom SSL ciphers in nginx configuration though, to filter insecure ciphers.
ssl_ciphers ECDH+CHACHA20:DH+CHACHA20:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!aNULL:!DSS:!SHA384:!SHA256:!SHA;
https://www.ssllabs.com/ssltest/analyze.html?d=ezup.dev
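
The replies above suggest capturing traffic to check whether the mask host answers the TLS query, and note that only the length of the answer matters to the proxy. The following is an added example, not code from mtprotoproxy or from any poster in this thread: a Python helper that takes the raw bytes a server sent back after a ClientHello (for instance exported from a capture) and tells apart silence, a TLS alert, and a normal answer with its record sizes. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types (RFC 8446, section 5.1)
RECORD_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
# A few alert descriptions a server may send when it rejects a ClientHello (RFC 8446, section 6)
ALERTS = {40: "handshake_failure", 70: "protocol_version", 112: "unrecognized_name"}


def parse_records(data):
    """Split raw server bytes into (type_name, payload) TLS records."""
    records, pos = [], 0
    while pos + 5 <= len(data):
        ctype, _version, length = struct.unpack_from("!BHH", data, pos)
        if ctype not in RECORD_TYPES or pos + 5 + length > len(data):
            break  # not TLS, or the capture ends in the middle of a record
        records.append((RECORD_TYPES[ctype], data[pos + 5:pos + 5 + length]))
        pos += 5 + length
    return records


def diagnose(data):
    """Classify what the host sent back after the ClientHello."""
    if not data:
        return "no answer: nothing came back before the timeout"
    records = parse_records(data)
    if not records:
        return "answered, but not with TLS records"
    name, payload = records[0]
    if name == "alert" and len(payload) == 2:
        # Alert payload is (level, description); report the description.
        return "handshake rejected: " + ALERTS.get(payload[1], "alert %d" % payload[1])
    return "handshake answered: " + ", ".join("%s=%d" % (n, len(p)) for n, p in records)


def record(ctype, payload):
    """Build one TLS record; used only for the constructed samples below."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload


# Constructed samples, not captures from any real host.
SAMPLE_OK = record(22, b"\x02" * 90) + record(20, b"\x01") + record(23, b"\x00" * 2500)
SAMPLE_ALERT = record(21, bytes([2, 40]))

if __name__ == "__main__":
    for label, blob in (("ok", SAMPLE_OK), ("alert", SAMPLE_ALERT), ("silent", b"")):
        print(label, "->", diagnose(blob))
```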