This is the result from tcpdump and curl command
tcpdump -n -v -s0 -i0.0:nnnp host 192.168.2.19 and port 443
tcpdump: listening on 0.0:nnnp, link-type EN10MB (Ethernet), capture size 65535 bytes
10:39:38.645396 IP (tos 0x0, ttl 63, id 28006, offset 0, flags [DF], proto TCP (6), length 52)
112.78.146.106.57576 > 192.168.2.19.https: Flags [S], cksum 0xf033 (correct) , seq 3791145506, win 43690, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 in slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=1 inport=1 haunit=0 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal= 00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
10:39:38.645429 IP (tos 0x0, ttl 255, id 35770, offset 0, flags [DF], proto TCP (6), length 48)
192.168.2.19.https > 112.78.146.106.57576: Flags [S.], cksum 0xc596 (incorrect -> 0x705f), seq 3635828138, ack 3791145507, win 4380, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/VS_PASUTRA flowtype=64 flowid=5600010DEE00 peerid=0 conflags=100208004000024 inslot=1 inport=1 haunit=1 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
10:39:38.645568 IP (tos 0x0, ttl 63, id 28007, offset 0, flags [DF], proto TCP (6), length 40)
112.78.146.106.57576 > 192.168.2.19.https: Flags [.], cksum 0x0294 (correct), ack 1, win 43690, length 0 in slot1/tmm0 lis=/Common/VS_PASUTRA flowtype=64 flowid=5600010DEE00 peerid=0 conflags=100208004000024 inslot=1 inport=1 haunit=0 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
10:39:38.645677 IP (tos 0x0, ttl 63, id 28008, offset 0, flags [DF], proto TCP (6), length 557)
112.78.146.106.57576 > 192.168.2.19.https: Flags [P.], cksum 0x612b (correct), seq 1:518, ack 1, win 43690, length 517 in slot1/tmm0 lis=/Common/VS_PASUTRA flowtype=64 flowid=5600010DEE00 peerid=0 conflags=120208004000024 inslot=1 inport=1 haunit=0 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
10:39:38.645712 IP (tos 0x0, ttl 255, id 35774, offset 0, flags [DF], proto TCP(6), length 40)
192.168.2.19.https > 112.78.146.106.57576: Flags [.], cksum 0xc58e (incorrect -> 0x9818), ack 518, win 4897, length 0 out slot1/tmm0 lis=/Common/VS_PASUTRA flowtype=64 flowid=5600010DEE00 peerid=0 conflags=120208004000024 inslot=1 inport=1 haunit=1 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
10:39:38.646475 IP (tos 0x0, ttl 255, id 35776, offset 0, flags [DF], proto TCP(6), length 142)
192.168.2.19.https > 112.78.146.106.57576: Flags [P.], cksum 0xc5f4 (incorrect -> 0x51d6), seq 1:103, ack 518, win 4897, length 102 out slot1/tmm0 lis=/Common/VS_PASUTRA flowtype=64 flowid=5600010DEE00 peerid=0 conflags=120208004000024 inslot=1 inport=1 haunit=1 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
10:39:38.646502 IP (tos 0x0, ttl 255, id 35778, offset 0, flags [DF], proto TCP (6), length 85)
192.168.2.19.https > 112.78.146.106.57576: Flags [P.], cksum 0xc5bb (incorrect -> 0xa48f), seq 103:148, ack 518, win 4897, length 45 out slot1/tmm0 lis=/Common/VS_PASUTRA flowtype=64 flowid=5600010DEE00 peerid=0 conflags=120208004000024 inslot=1 inport=1 haunit=1 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
----------------------------------------------
curl -kv https://pasutra.net/ --resolve pasutra.net:443:192.168.2.19
* Added pasutra.net:443:192.168.2.19 to DNS cache
* Hostname pasutra.net was found in DNS cache
* Trying 192.168.2.19...
* Connected to pasutra.net (192.168.2.19) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: CN=santosjayaabadi.co.id
* start date: Feb 4 00:00:00 2020 GMT
* expire date: Feb 3 23:59:59 2021 GMT
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: pasutra.net
> User-Agent: curl/7.47.1
> Accept: */*
>
* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
* Closing connection 0
curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
I've sort of run out of ideas beyond posting here and looking for some ideas on where to look.