Intermittent TLS Failure on ZATCA Gateway – Anyone Else Facing This?

Hello Everyone,

We are facing an intermittent issue while posting requests to the ZATCA Fatoora Gateway:

cURL error 35: OpenSSL SSL_connect: Connection reset by peer in connection to gw-fatoora.zatca.gov.sa:443

What We Found

It appears that the domain gw-fatoora.zatca.gov.sa is load-balanced across multiple IPs. One gateway node is working correctly, while another fails during the TLS handshake:

| IP Address | Status | Result |
|---|---|---|
| 185.117.128.50 | :white_check_mark: Works | TLS handshake successful |
| 185.117.129.50 | :cross_mark: Fails | Connection reset during ClientHello |

The failure happens before authorization headers or payload are sent, so it does not appear to be related to certificates, tokens, or request format.

Error Log

Failing node output:

* Trying 185.117.129.50:443...
* OpenSSL SSL_connect: Connection reset by peer

Working node output:

* Trying 185.117.128.50:443...
* TLS handshake OK

Is anyone else experiencing intermittent TLS handshake failures, especially when the gateway resolves to 185.117.129.50?

Please comment with:

  • Your environment (PHP / Java / .NET, cURL version, OS)

  • Whether you see similar behavior

  • If you have any workaround (pinning IPs, retry logic, etc.)
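
Added example, not part of the original post: a per-node check that resolves the gateway name, attempts a TLS handshake against each IP separately, and reports which nodes reset the connection. It connects to the IP but keeps SNI and certificate verification bound to the hostname, which is the property to preserve if you pin an IP or retry on another node as a workaround. The function names are hypothetical, and Python is used here as an assumption; the post itself only shows cURL output.

```python
import socket
import ssl

HOST = "gw-fatoora.zatca.gov.sa"  # hostname from the post
PORT = 443


def resolve_ipv4(host, port=PORT):
    """Return the sorted set of IPv4 addresses the name currently resolves to."""
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tls_handshake(ip, host, port=PORT, timeout=5.0):
    """Connect to one specific IP, but send SNI and verify the certificate
    for `host`, so targeting a single node never weakens server authentication."""
    ctx = ssl.create_default_context()  # CA verification + hostname check on
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()  # e.g. "TLSv1.3"


def probe_nodes(host, ips, handshake=tls_handshake):
    """Try a handshake against every IP; return {ip: (ok, detail)}."""
    results = {}
    for ip in ips:
        try:
            results[ip] = (True, handshake(ip, host))
        except OSError as exc:  # covers resets, timeouts and ssl.SSLError
            results[ip] = (False, f"{type(exc).__name__}: {exc}")
    return results


def first_healthy(results):
    """Pick the first IP whose handshake succeeded, or None if all failed."""
    return next((ip for ip, (ok, _) in sorted(results.items()) if ok), None)


if __name__ == "__main__":
    # Live run: needs network access to the gateway.
    for ip, (ok, detail) in probe_nodes(HOST, resolve_ipv4(HOST)).items():
        print(f"{ip:15}  {'OK  ' if ok else 'FAIL'}  {detail}")
```

Running it repeatedly from the affected host shows whether failures follow one IP or move between nodes, which is the detail worth including in a report to the gateway operator.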