Intermittent TLS Connection Reset to rubygems.org #5922
Description
Intermittent TLS Connection Reset to rubygems.org
Summary
I'm experiencing intermittent "Connection reset by peer" errors when connecting to rubygems.org:443 from a Debian 12 server, despite stable ping responses. The issue occurs sporadically, with some attempts succeeding and others failing.
Environment
OS: Debian 12
Tool: curl (latest version via apt)
CA Certificates: /etc/ssl/certs/ca-certificates.crt (updated with update-ca-certificates)
Date and Time: 11:49 PM PDT, August 19, 2025
Steps to Reproduce
Run ping rubygems.org - Results in stable response (e.g., 0% packet loss, avg time 1301ms).
Run curl -v https://rubygems.org - Occasionally succeeds, but often fails with:* Recv failure: Connection reset by peer
- Closing connection 0
curl: (35) Recv failure: Connection reset by peer
Repeat the curl command multiple times - Issue is inconsistent.
Expected Behavior
A stable HTTPS connection to rubygems.org without "Connection reset by peer" errors.
Actual Behavior
Intermittent failures with "Connection reset by peer" errors, suggesting a server-side or TLS handshake issue.
Additional Context
Ping statistics show no packet loss, indicating network connectivity is fine.
Tried specifying TLS versions (--tlsv1.2, --tlsv1.3) with no consistent improvement.
Other HTTPS sites (e.g., google.com) connect without issues from the same server.
Suspect a server-side issue (e.g., CDN, certificate, or load-related).
Possible Solutions
Check server-side TLS configuration or CDN (e.g., Fastly) status.
Verify if certificate validation is causing intermittent rejections.
Request
Please investigate the server-side behavior around 11:49 PM PDT on August 19, 2025, and provide guidance or a fix.
