Intermittent ERR_SSL_PROTOCOL_ERROR and TLS handshake failures on Vercel custom domain

Problem

We are experiencing an intermittent TLS handshake failure on pokepath.gg. The site was working normally until a few days ago, then suddenly started failing for some users.

Current Behavior

• Some users cannot access pokepath.gg due to ERR_SSL_PROTOCOL_ERROR.
• The issue is intermittent and ISP-dependent: the site may load correctly, then fail again for the same users without any changes.
• It works on mobile data (4G/5G) but fails on residential Wi-Fi (e.g., Spectrum in NY, US and various ISPs in Brazil) on the same devices.

Expected Behavior

The site should load normally over HTTPS for all users, consistently.

Observed Errors

• ERR_SSL_PROTOCOL_ERROR
• schannel: failed to receive handshake
• SEC_E_INVALID_TOKEN (0x80090308)

Environment

• Domain: https://pokepath.gg
• Hosting: Vercel (Hobby plan)
• DNS provider: Porkbun
• Framework: static / frontend-only site

Debugging Steps Taken

1. Verified DNS resolution works correctly.
2. Verified ping works (0% packet loss).
3. Confirmed TLS handshake fails across all tested Vercel IPs.
4. Ran the official Vercel connectivity debug script from an affected US ISP.

No code or configuration changes were made before the issue started. The issue appears related to Vercel edge / POP TLS routing. I can send the full vercel-debug.txt output if needed.

What should I do on my side?

Okay, I managed to find the solution: I simply changed hosting providers. Bye bye Vercel (and thanks for everything), hello Cloudflare!