HTTP/HTTPS client requests throwing EPROTO #3692
Comments
|
@brandonros I'm suspecting it has to do with the first-class IPv6 support Node v4 has. cc @mscdex maybe. Edit: added IPv6 |
|
What OS and OS version is this on? |
|
|
@Fishrock123 @mscdex Any other information I can provide? Would love to get this fixed quickly. I'm sure it has to be something on my end, otherwise a huge portion of people would be experiencing it. The code used to work without issue, but it started happening a) when I changed machines and b) when I switched versions. I installed with nvm if that matters. |
|
Is it happening with the same server(s)? If so, are these public servers? Otherwise, if you can, it might be helpful to see what types of addresses the servers are resolving to (e.g. IPv4, IPv6) and what types of addresses are assigned to the outgoing network interface the requests are going out. |
|
@mscdex It is happening on the same offending server. It seems to happen on both requests made to localhost, and external APIs. All IPv4. |
|
Also encountered on OS X (My computer) and Ubuntu (Travis-CI) and Windows Server (AppVeyor) when using npm package 'request', the error trace is exactly same as described by @brandonros |
|
It sounds like you are trying to use port 80 for https? Reproduced via: require('https').get('https://google.com:80', function(res) { console.log(res.statusCode) }).on('error', console.log) |
|
The reason that isn't the problem in my case is because it only happens On Sunday, November 8, 2015, Evan Lucas [email protected] wrote:
|
|
It will be difficult for us to help debug the issue without being able to see some of the code. Is there any that you could share? |
|
I went to dumb down some code I have, and it really just boils down to any HTTP or HTTPS request. Nothing else. @trotyl Do you think it has anything to do with DNS or nginx rewrites? I'm really stretching here. I can't come up with anything else. |
|
It appears on some certain urls and randomly, I cannot even cause it to appear manually, and I have used a 'retry(100)' of RxJS to get rid of this problem. But it seems not a good solution. Some url(s) on my crawler of my university site may cause the problem at some low possibility, I do have no idea where it came from as error trace directly begin from 'net.js', But what I can guess seems to be DNS or HTTPS or something relevant. The url I have problem with seems to be 'https://uis.uestc.edu.cn/amserver/UI/Login' with method 'POST' with form 'IDToken0&IDToken=2012019050020&IDToken2=811073&IDButton=Submit&goto=aHR0cDovL3BvcnRhbC51ZXN0Yy5lZHUuY24vbG9naW4ucG9ydGFs&encoded=true&gx_charset=UTF-8', (the id and password is not mine but valid) |
|
Upgrading to 5.0, changing machines, and switching to 64-bit seems to have fixed the problem. I don't want to jinx anything, but I have not seen the error in 3 days. |
|
The error is still happening. I am installing longjohn on all of my servers to get more information. @trotyl Any update? |
|
How is this for a stack trace? I had But I think this was the culpritL |
|
I'm also receiving this error intermittently on random servers and URLs (though all are being accessed via HTTPS). @brandonros - Based on other threads, I'm investigating the possibility of this being caused by drop of RC4 support in Node >= v4.0. Any update on your end? |
|
@BennyH26 Say this is the case. What can be done to fix this? Edit: Maybe the reason this is happening intermittently is because we are getting load balanced to different servers? I'm going to test if these options will fix the problem. I'm not sure if they are correct. |
|
/cc @nodejs/http |
|
@brandonros I've added the code to my agent options, and will keep you posted if I still receive errors. Intermittent errors are so challenging to solve sometimes... As you suggested, I suspect we are hitting load balanced servers, and their reverse proxy configurations are SLIGHTLY different, thereby negotiating different ciphers. Just a guess though. |
|
@BennyH26 What servers/URLs are you hitting? I ran eBay's API endpoint through https://www.ssllabs.com/ssltest/, if that helps. |
|
@brandonros https://api.ebay.com/ws/api.dll Looks like two of the three servers got C grades =] |
|
@trotyl are you sure about OS X? This seems pretty strange to me, because I don't see a place in kernel that could set errno = EPROTO for TCP syscalls. |
|
Gosh, nevermind. It is returned by |
|
This is very likely happened, because there were pending writes on TLS socket and it was destroyed before they were encrypted and sent to the other side. |
|
I think this kind of error can only happen if |
|
@brandonros may I ask you to give a try to following patch? diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index ef5769c..d517d1b 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -47,7 +47,11 @@ function onhandshakestart() {
function onhandshakedone() {
// for future use
debug('onhandshakedone');
- this._finishInit();
+
+ const self = this;
+ setImmediate(function() {
+ self._finishInit();
+ });
}
@@ -556,6 +560,10 @@ TLSSocket.prototype._releaseControl = function() {
};
TLSSocket.prototype._finishInit = function() {
+ // Destroyed before getting there
+ if (this._handle == null)
+ return;
+
// `newSession` callback wasn't called yet
if (this._newSessionPending) {
this._securePending = true; |
|
Basically, what I think happens here is that |
|
(It doesn't seem like it could be any other UV_EPROTO case from |
|
@indutny Do you think the options I pass as per #3692 (comment) will interfere or solve the issue? I will try the patch but the error very rarely happens. I guess I could write a test to try to exacerbate the behavior. |
|
|
@j-langlois IIRC the problem was not the lack of TLS 1.2 support, it was that there were maybe 10 machines in the eBay load balancer, several of them supported TLS 1.2 and several of them did not. The node client couldn't correctly handle the protocol downgrade |
|
Using the following worked for me. Using just TLSv1_method, I cannot load https://www.jewishvoice.org |
|
I can't request my site via HTTPS either. My nginx ssl configurations are Node.js v9.2.0 It has worked before, I don't know when this error started occuring but I've noticed just now EDIT: I found better help from #16196, setting |
As of 3/22/2016, the eBay API has several servers that can only
negotiate TLS v1.0 sessions, and several servers that can negotiate TLS
v1.0, v1.1 and v1.2. Node/OpenSSL get confused by this, and occasionally
attempt to parse a v1.2 response using TLS v1.0 and vice versa. The
error you get back from the request looks something like this:
```
{ [Error: write EPROTO 140113357338496:error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number:../deps/openssl/openssl/ssl/s3_pkt.c:362:
] code: 'EPROTO',
errno: 'EPROTO',
syscall: 'write' }
```
As far as I can tell, this isn't patched yet, in Node or OpenSSL. But
setting the following options forces all connections to be negotiated
with TLS v1.0, effectively fixing the issue.
More reading:
aws/aws-sdk-js#862
nodejs/node#3692
https://www.ssllabs.com/ssltest/analyze.html?d=api.ebay.com
If you know anyone at eBay, please tell them it's a) unacceptable to
have servers that can only negotiate TLS v1.0, and b) unacceptable to
have a SSL certificate that was signed with SHA1, and they should
upgrade both things.
|
I'll close this out, doesn't look like there's anything left to do. The upstream openssl changes were merged last year. |
ghost
mentioned this issue
|
create-react-app failed, reason: write EPROTO 14100:error:14094438:SSL any answer please |
|
Im getting a very similar error using a truffle for Ethereum development. happens in my virtual machine, host machine and MacOS. Not getting a lot of answers from the Truffle Devs. They just shrugged. |
|
LOL got this error when using simplest nodejs module - request (https://www.npmjs.com/package/request). It happened when I tried to access this page:
I have no idea WTF is going one... and how to fix this. |
|
getting this in v16.14.0 |
|
Got this error while using the Might not be the solution for everyone but hopefully this helps. node v18.11.0 |
|
hey @naatebarber would appreciate if you could provide an example or snippet, |
and others
My code is littered with both HTTP and HTTPS requests. I have no idea what is causing this error but it is occurring in many places since I've upgraded to 4.2.1 from 0.12.7. Please tell me what information I need to provide to help debug this.
The text was updated successfully, but these errors were encountered: