Hi,
I faced an issue recently with SOME websites not opening correctly via the HTTPS protocol. The behavior was:
$ curl -i -v https://web.site
* Trying 185.xx.xx.xx:443...
* Connected to web.site (185.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
It was for SOME websites only and only in SOME locations - the same device was passing traffic correctly in one network but was failing in the other network (ISP INEA). The configuration was fairly simple - just basic routing with masquerade.
It was narrowed down to an MTU issue, and removing the EoIP tunnel from the bridge was the solution. I haven't tried to force the MTU at the bridge level as suggested earlier.
Leaving this post here as it was the second time I was struggling with such an issue within the last 3 years, so I have a reference in the future.
Ser@fin
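A way to confirm the MTU hypothesis from the post above before touching the bridge, added here as an example and not part of the original post: binary-search the largest Don't-Fragment packet that reaches the host. The real probe assumes Linux iputils `ping` (`-M do`); the simulated probe and the host name `web.site` are constructed stand-ins, and the 1458-byte path models an EoIP hop losing everything larger.

```python
"""Path-MTU probe for the HTTPS-hangs-after-ClientHello symptom.

Constructed example: binary-searches the largest IP packet that passes
with the Don't-Fragment bit set. The real probe shells out to Linux
iputils `ping -M do` (assumption: that ping is installed); the simulated
probe models a PMTUD black hole that silently drops anything over
1458 bytes, a plausible size for an EoIP hop behind a 1500-byte bridge.
"""
import subprocess

IP_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20  # ping -s counts ICMP payload only


def ping_probe(host, mtu, timeout=2):
    """True if a `mtu`-byte packet reaches `host` with DF set (Linux iputils ping)."""
    payload = mtu - IP_HDR - ICMP_HDR
    r = subprocess.run(
        ["ping", "-c", "1", "-W", str(timeout), "-M", "do", "-s", str(payload), host],
        capture_output=True, text=True)
    return r.returncode == 0


def make_simulated_probe(path_mtu):
    """Constructed stand-in for ping_probe: nothing above path_mtu gets through."""
    return lambda host, mtu: mtu <= path_mtu


def find_path_mtu(host, probe, lo=576, hi=1500):
    """Largest size in [lo, hi] that passes `probe`; None if even `lo` fails."""
    if not probe(host, lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2  # round up so lo always advances
        if probe(host, mid):
            lo = mid
        else:
            hi = mid - 1
    return lo


def diagnose(host, probe, expected=1500):
    """Report whether the path looks like an MTU black hole for large TLS records."""
    pmtu = find_path_mtu(host, probe, hi=expected)
    if pmtu is None:
        return {"path_mtu": None, "black_hole": True}
    # MSS clamping to the discovered path MTU is the usual router-side mitigation.
    return {"path_mtu": pmtu, "black_hole": pmtu < expected,
            "clamp_mss_to": pmtu - IP_HDR - TCP_HDR}


if __name__ == "__main__":
    # Swap make_simulated_probe(1458) for ping_probe to test a live path.
    print(diagnose("web.site", make_simulated_probe(1458)))
```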