> Is it possible the browsers are trying to send early data? I doubt it, I was not reporting the error, trying to report errors before they disappear with clean-up code is an art, and does not always work, so mostly I now see: error:00000000:lib(0):func(0):reason(0), State: TLSv1.3 early data, connection closed unexpectedly but sometimes error:140E0197:SSL routines:SSL_shutdown:shutdown while in init, State: SSL negotiation finished successfully But only four failures are logged on the live server so far, there will be more handshake failures overnight that might be more helpful. Suspect the real issue is simply the client abandoning the connection, and different places leave different errors. Some failures are obvious like TLSv1 which is disabled on the server. But I was worried our TLSv1.3 implementation was missing something important. Read a lot about early data, but not really why anyone uses it in practice, if it is used. Quite content to continue to ignore early data. Angus