Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Sort of naively:
```curl -iv <https://localhost:4000>
*   Trying 127.0.0.1:4000...
* Connected to localhost (127.0.0.1) port 4000 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version
* Closing connection 0
curl: (35) error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version```
it seems to be unaware of TLS.
```ory version
Version:    v0.2.2
Git Hash:   3ef9cd5f54d31fdc8da9ea3d9bfa1cfefb6f098d
Build Time: 2023-01-26T09:52:48Z```
The custom UI in question runs with self-signed localhost certs in dev to support service workers, so self-service flows fail because CSRF cookie won’t be sent on a tunnel URL request when scheme isn’t aligned.