525 | 5xx Server Error | Critical

HTTP 525 SSL Handshake Failed

Defined in Cloudflare

What Does HTTP 525 Mean?

Cloudflare could not complete an SSL/TLS handshake with the origin server.

Common Causes

  1. Origin SSL certificate expired or invalid
  2. SSL/TLS version mismatch between Cloudflare and origin
  3. Origin not configured for HTTPS
  4. Cipher suite mismatch
  5. Cloudflare SSL mode set to Full but origin has no certificate

Impact

  • Website completely unavailable via HTTPS
  • Security warning or error page displayed

Developer Fix

For web developers and application engineers

  1. Install a valid SSL certificate on the origin server
  2. Use Cloudflare Origin CA certificates (free)
  3. Ensure TLS 1.2+ is supported on the origin

Server Admin Fix

For system administrators and DevOps engineers

  1. Install or renew SSL certificate on origin
  2. Verify SSL configuration with SSL Labs test
  3. Ensure Cloudflare SSL mode matches origin setup
  4. Enable TLS 1.2 and 1.3 on origin server
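
The checks in the two fix lists can be run directly against the origin, bypassing Cloudflare. The Python probe below is an added example, not part of the original page or Cloudflare's tooling; origin.example.com is a placeholder hostname, and the stage names are labels chosen for this example.

```python
import socket, ssl, sys, time

def probe_origin(host, port=443, sni=None, verify=True, timeout=5.0):
    """Try a TLS 1.2+ handshake with the origin and report where it stops.

    stage values (labels chosen for this example):
      tcp         - no TCP connection, so the handshake never started
      certificate - chain, expiry or hostname validation failed
      handshake   - protocol/cipher mismatch, or the port does not speak TLS
      done        - handshake completed
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if not verify:  # accept self-signed certs, as a non-validating client would
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    result = {"ok": False, "stage": None, "detail": None}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result.update(stage="tcp", detail=str(exc))
        return result
    try:
        with ctx.wrap_socket(raw, server_hostname=sni or host) as tls:
            result.update(ok=True, stage="done", version=tls.version(),
                          cipher=tls.cipher()[0])
            cert = tls.getpeercert()  # empty dict when verify=False
            if cert:
                expires = ssl.cert_time_to_seconds(cert["notAfter"])
                result["days_left"] = int((expires - time.time()) // 86400)
    except ssl.SSLCertVerificationError as exc:
        result.update(stage="certificate", detail=exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        result.update(stage="handshake", detail=str(exc))
    finally:
        raw.close()  # harmless if wrap_socket already took over the socket
    return result

if __name__ == "__main__":
    # Usage: python probe.py origin.example.com [port]  (placeholder hostname)
    target = sys.argv[1] if len(sys.argv) > 1 else "origin.example.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    strict = probe_origin(target, port, verify=True)
    print("validated:", strict)
    if strict["stage"] == "certificate":
        print("unvalidated:", probe_origin(target, port, verify=False))
```

An origin that uses a Cloudflare Origin CA certificate will report `certificate` with verify=True, because that CA is trusted by Cloudflare but not by public trust stores; run it with verify=False to check protocol and cipher negotiation in that case.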

Frequently Asked Questions

What Cloudflare SSL mode should I use?

Use 'Full (Strict)' with a valid origin certificate for best security. Use 'Full' with a self-signed cert. Use 'Flexible' only if you can't install any certificate on the origin (not recommended).

How do I fix a 525 error?

Install a valid SSL certificate on your origin server (Cloudflare provides free Origin CA certs), ensure TLS 1.2+ is enabled, and verify your Cloudflare SSL mode matches your origin configuration.

About the Author

Web Infrastructure Team

Verified against official RFC specifications and real-world server configurations. HTTP status code behavior confirmed across Apache, Nginx, and Cloudflare.