We are working with an HTTPS endpoint hosted in the UK on an Azure Application Gateway.
So far, all locations in the UK and wider have been able to access it.
A specific client site in Singapore cannot from some devices (tablets, Linux servers etc) but can from Windows laptops/desktops.
The curl and openssl output shows the TLS process getting stuck after the Client Hello.
All other services we've tested appear to work (AWS LB, Azure AG on another project, CloudFlare CDN, etc).
It looks like the often reported TLS/MTU issue, however it only works if we drop the MTU of the client device ridiculously low to 96.
An Application Gateway in Singapore exhibits the same issue, serving a simple test page.
Some ideas online suggest packet related blocking but given we can reproduce it with different conditions this seems less likely. The customer's IT team claim the network configuration is fairly standard.
This is one of the furthest access locations, but not the most distant site, which is also fine.
```
* Trying xx.xx.xx.xx...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x1c628b0)
* Connected to xx.xxx.xxx (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to xx.xxx.xxx:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to xx.xxx.xxx:443
```
openssl s_client
-- that should give at least the errno, and sometimes more. If that doesn't make it clear I would try to get, and look at, a network capture, preferably Wireshark.
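
An added example, not part of the original question or comment: curl only reports SSL_ERROR_SYSCALL, so this Python probe separates the TCP connect from the TLS handshake and returns the errno and failure type seen after the Client Hello is sent. The function name `probe_tls` and the result fields are assumptions made for this illustration.

```python
import errno
import socket
import ssl


def probe_tls(host, port=443, server_name=None, timeout=5.0):
    """Report how far a TLS connection gets and the OS error if it stalls."""
    result = {"stage": "tcp_connect", "ok": False, "errno": None, "detail": ""}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["errno"] = exc.errno
        result["detail"] = f"TCP connect failed: {exc!r}"
        return result

    result["stage"] = "tls_handshake"  # the ClientHello is sent from here on
    ctx = ssl.create_default_context()
    # Diagnostic only: skip certificate checks so the result reflects the
    # network path, not the trust store. Never reuse this context for data.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=server_name or host) as tls:
            result.update(stage="established", ok=True, detail=tls.version())
    except socket.timeout:
        # Nothing came back at all: neither ServerHello nor RST nor FIN.
        result["detail"] = "timeout: no reply to ClientHello"
    except ssl.SSLError as exc:
        # The peer answered, but with an alert or a malformed/early EOF.
        result["detail"] = f"TLS-level failure: {exc.reason or exc!r}"
    except OSError as exc:
        # The errno the comment asks for, e.g. ECONNRESET from an injected RST.
        result["errno"] = exc.errno
        name = errno.errorcode.get(exc.errno, "unknown")
        result["detail"] = f"socket error during handshake: {name}"
    finally:
        sock.close()
    return result


if __name__ == "__main__":
    # Placeholder host: substitute the real endpoint when running the probe.
    print(probe_tls("example.com", 443))
```

Running it from a failing device and a working Windows machine on the same site, alongside a capture, shows whether the handshake ends in a silent timeout, a reset, or a TLS-level error.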