Subject: SSL/TLS Handshake Failure when connecting from Railway to Cloudflare R2 (boto3 / FastAPI)
anmeldung87
HOBBYOP

17 days ago

Hello,

I’m experiencing persistent SSLV3_ALERT_HANDSHAKE_FAILURE errors when my Python FastAPI backend (hosted on Railway) attempts to connect to Cloudflare R2 using boto3.
The same code works locally and on other platforms, so it appears to be related to Railway’s runtime or SSL environment.

Error Message

SSL validation failed for https://[account-id].r2.cloudflarestorage.com/[bucket-name]
[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] ssl/tls alert handshake failure (_ssl.c:1032)

Environment

  • Hosting: Railway

  • Runtime: Python 3.x (FastAPI backend)

  • Library: boto3 / botocore

  • Target: Cloudflare R2 (S3-compatible API)

  • Connection: Outbound HTTPS to *.r2.cloudflarestorage.com

What I Have Tried

  • Path-style addressing

  • AWS Signature v4

  • Disabled SSL verification (verify=False) – still fails

  • Different boto3 Config settings

  • Confirmed Access Key + Secret Key

  • Works perfectly locally and on other deployments

Code Example (simplified)

import boto3
from botocore.config import Config

boto_config = Config(
    signature_version='s3v4',
    s3={'addressing_style': 'path'}
)

s3_client = boto3.client(
    's3',
    endpoint_url='https://[account-id].r2.cloudflarestorage.com',
    aws_access_key_id='...',
    aws_secret_access_key='...',
    region_name='auto',
    config=boto_config
)

# Test call
s3_client.list_objects_v2(Bucket='my-bucket', MaxKeys=1)

Also attempted:

s3_client = boto3.client(..., verify=False)

The handshake still fails immediately.

Both attempts fail with the exact same SSL handshake error, even when SSL verification is completely disabled (verify=False).

My Question

Is this a known issue with Railway’s Python runtime, SSL/OpenSSL configuration, or outbound TLS policies when connecting to Cloudflare R2?

Are there any recommended:

  • runtime patches,

  • OpenSSL upgrades,

  • outbound TLS configuration changes,

  • or other workarounds on Railway’s platform
    to allow successful connections to Cloudflare R2?

Expected Behavior

Successful TLS handshake → ability to list/upload objects in Cloudflare R2.

Actual Behavior

Immediate SSLV3 alert handshake failure.

Thank you very much for your assistance!

$10 Bounty

3 Replies

Railway
BOT

17 days ago

Hey there! We've found the following might help you get unblocked faster:

If you find the answer from one of these, please let us know by solving the thread!

anmeldung87
HOBBYOP

17 days ago

Unfortunately, I still haven't solved it. I hope someone can help me.
anmeldung87
HOBBYOP

17 days ago

So, after about 16 hours of work and numerous attempts, here's the solution. I created a worker on Cloudflare and thus bypassed and solved the problem.
Loading...