525 SSL Handshake Failed
What HTTP 525 SSL Handshake Failed Means
525 is a Cloudflare-specific code. It means the SSL/TLS handshake between Cloudflare and the origin failed: in Full or Full (strict) SSL mode, Cloudflare could not complete TLS with the origin.
Common Causes
- No valid SSL certificate on the origin
- Cipher suite or TLS version mismatch
- Origin not configured for HTTPS on the expected port
- SNI handling problems
How to Fix It (For Visitors)
- Contact the website owner
How to Fix It (For Developers/Admins)
- Install a valid certificate on the origin
- Match supported TLS versions and cipher suites
- Ensure the origin listens on 443 with HTTPS
- Verify Cloudflare SSL mode matches origin capabilities
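To narrow down which of the causes above applies, you can handshake with the origin directly and classify the failure. The following is an added example, not code from Cloudflare or from this page; the function names and cause labels are invented for it, and it assumes you know the origin's IP address and the hostname to send as SNI.

```python
import socket
import ssl
import sys

# OpenSSL reason codes (ssl.SSLError.reason) grouped by the causes this page lists.
# The category names are labels invented for this example.
REASON_TO_CAUSE = {
    "CERTIFICATE_VERIFY_FAILED": "certificate",
    "UNSUPPORTED_PROTOCOL": "tls-version-or-cipher",
    "TLSV1_ALERT_PROTOCOL_VERSION": "tls-version-or-cipher",
    "SSLV3_ALERT_HANDSHAKE_FAILURE": "tls-version-or-cipher",
    "NO_SHARED_CIPHER": "tls-version-or-cipher",
    "WRONG_VERSION_NUMBER": "https-not-on-port",  # typically plain HTTP on the TLS port
    "TLSV1_UNRECOGNIZED_NAME": "sni",
}


def classify(exc):
    """Map a failed connection attempt to the most likely cause from the page's list."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "certificate"
    if isinstance(exc, ssl.SSLError):
        reason = getattr(exc, "reason", None) or ""
        return REASON_TO_CAUSE.get(reason, "unknown-tls-error")
    if isinstance(exc, (ConnectionRefusedError, TimeoutError)):
        return "https-not-on-port"  # nothing accepted the TCP connection
    return "unknown"


def probe(origin_ip, hostname, port=443, timeout=5.0):
    """Handshake with the origin directly, bypassing the proxy, with `hostname` as SNI."""
    ctx = ssl.create_default_context()  # verifies chain and hostname against system trust
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return {"ok": True, "version": tls.version(), "cipher": tls.cipher()[0]}
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return {"ok": False, "cause": classify(exc), "detail": str(exc)}


if __name__ == "__main__":
    # Usage: python probe_origin.py <origin-ip> <hostname>
    print(probe(sys.argv[1], sys.argv[2]))
```

A Cloudflare Origin CA certificate will be reported as `certificate` by this probe, because it is trusted by Cloudflare but not by the system trust store used here.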
Returning a 525 SSL Handshake Failed (Code Examples)
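525 is normally generated by Cloudflare's edge rather than by application code. If you build APIs or web apps and need to reproduce it, for example to test how a client handles the response, here is how to send an HTTP 525 response and how to check for it: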
Node.js (Express)
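const express = require('express');
const app = express();
app.get('/resource', (req, res) => {
  res.status(525).json({ error: 'SSL Handshake Failed' }); // non-standard Cloudflare code
});
app.listen(3000);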
Python (Flask)
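from flask import Flask, jsonify
app = Flask(__name__)
@app.route('/resource')
def resource():
    # The non-standard status code is passed as a plain integer
    return jsonify(error='SSL Handshake Failed'), 525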
PHP
<?php
http_response_code(525);
header('Content-Type: application/json');
echo json_encode(['error' => 'SSL Handshake Failed']);
Check the status with curl
curl -I https://example.com/resource
# Look for 525 in the status line, e.g. HTTP/1.1 525 SSL Handshake Failed
# (the reason phrase can differ, and HTTP/2 responses carry none)
Frequently Asked Questions
What does HTTP 525 SSL Handshake Failed mean?
525 is a Cloudflare-specific code: in Full or Full (strict) SSL mode, Cloudflare could not complete TLS with the origin. In short, the SSL/TLS handshake between Cloudflare and the origin failed.
Is a 525 SSL Handshake Failed error my fault or the website's?
525 is a 5xx server-error code, so the problem is on the server side, not your browser or device. As a visitor you can usually only retry; if you run the site, investigate the server.
How do I fix a 525 SSL Handshake Failed error?
Install a valid certificate on the origin. Match supported TLS versions and cipher suites. Ensure the origin listens on 443 with HTTPS.
Official Specification
The 525 SSL Handshake Failed status code is defined by Cloudflare and is non-standard.