Our users reported that they can’t access to site over HTTPS , from Iran’s ISP’s especially Cellular operators , But they can access without HTTPS ,
We’ve checked and debugged and found that the TLS handshake process Only pass the second one and then connection closes
I know not matter which server config we use , but
Server in Nginx , Certificate LE
and add this one that we have tested with another domain on same server IP and configuration and affected users can access this domain over HTTPS
to see if you can find any similarities to your situation (or if any of the people who participated in that thread would like to take a look at your situation for comparison).
As I know this is not so much related to censorship, because censored domain usually redirected to another page that warn user that this Domain or IP was blocked , but in this case we Have ping to domain , we have Traceroute success reply , but the only thing we have issue is the Handshake process , I want to know if is there any way to change something here to solve this
A hostile network that is manipulating traffic flows is indistinguishable from censorship. It doesn’t really matter about the intent or whether your site is “collateral damage”. There’s nothing that anybody on this forum can do to fix it - you have to hide your traffic (TLS isn’t really “hidden”) or choose a different network path.
FWIW from my investigation in that linked thread, I’m 99% sure it’s intentional manipulation even if it’s not clear why.
OK , So I think it’s better to hope a world without borders and censorship for each other and wait for some beautiful day , and for now it is better we buy a piece of farm land and make a small farm for growing potato’s and carrots , this way finally we have a warm soup at the end of the day