大量出现 TCP connection reset by peer

今天是做离线冷备的日子，顺便更新 rpm 包的时候，发现 dnf 频繁出现以下错误

Failed to synchronize cache for repo 'elrepo', ignoring this repo.
Failed to synchronize cache for repo 'elrepo-extras', ignoring this repo.
Failed to synchronize cache for repo 'updates', ignoring this repo.
Failed to synchronize cache for repo 'extras', ignoring this repo.

好不容易同步成功，下载包又出现如下错误

Total download size: 9527 k
Is this ok [y/N]: y
Downloading Packages:

The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Error downloading packages:
  Curl error (35): SSL connect error for https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64&infra=$infra&content=$contentdir [TCP connection reset by peer]

最初以为是机房又被打了，经询问得知网络正常，于是 curl 得到以下结果

curl -v https://mirrors.fedoraproject.org

* About to connect() to mirrors.fedoraproject.org port 443 (#0)
*   Trying 38.145.60.20...
* Connected to mirrors.fedoraproject.org (38.145.60.20) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5961 (PR_CONNECT_RESET_ERROR)
* TCP connection reset by peer
* Closing connection 0
curl: (35) TCP connection reset by peer

第一反应是被 CDN 屏蔽这台服务器的 IP 了，于是让机房加了另一个段，但一样报错

随后又用腾讯云、百度云、京东云和其它机房测试，均出现类似错误，香港机器则正常