Login/Register
node-request - Getting error "SSL23_GET_SERVER_HELLO:unknown protocol"
Asked Answered
Solved javascriptnode.jssslrequest
S

10

74

I'm using the node-request module, regularly sending GET requests to a set of URLs and, sometimes, getting the error below on some sites.

Error: 29472:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:openssl\ssl\s23_clnt.c:683

The problem is that I don't get this error always or always on the some URLs, just sometimes. Also, it can't be ignored with "strictSSL: false".

I have read that this can be related to me sending SSL requests with the wrong protocol (SSLv2, SSLv3, TLS..). But this doesn't explain why it happens irregularly.

Btw, I'm running nodejs on a Win 2008 server.

Any help is appreciated.

Superheterodyne answered 14/3, 2013 at 22:2 Comment(2)
What happens when you retry the same urls a few seconds latter?Garik
Few seconds later, I get no errors. The errors are only returned sometimes.Superheterodyne
S
18

This was totally my bad.

I was using standard node http.request on a part of the code which should be sending requests to only http adresses. Seems like the db had a single https address which was queried with a random interval.

Simply, I was trying to send a http request to https.

Superheterodyne answered 22/4, 2013 at 13:23 Comment(2)
The error looks more like sending https request to http port?Bonbon
The error message shows clearly that you were using HTTPS, i.e. SSL, and that the server sent you an 'unknown protocol' message, also in SSL. You don't speak either HTTP or HTTPS to databases. Answer doesn't make sense.Censorious
B
115

You will get such error message when you request HTTPS resource via wrong port, such as 80. So please make sure you specified right port, 443, in the Request options.

Brokendown answered 9/8, 2013 at 8:32 Comment(1)
Just had this problem with docker, had in my docker-compose: ports: - "443:80"Mitran
S
18

This was totally my bad.

I was using standard node http.request on a part of the code which should be sending requests to only http adresses. Seems like the db had a single https address which was queried with a random interval.

Simply, I was trying to send a http request to https.

Superheterodyne answered 22/4, 2013 at 13:23 Comment(2)
The error looks more like sending https request to http port?Bonbon
The error message shows clearly that you were using HTTPS, i.e. SSL, and that the server sent you an 'unknown protocol' message, also in SSL. You don't speak either HTTP or HTTPS to databases. Answer doesn't make sense.Censorious
R
7

I got this error because I was using require('https') where I should have been using require('http').

Riga answered 19/8, 2015 at 15:1 Comment(0)
C
4

Some of the sites are speaking SSLv2, or at least sending an SSLv2 server-hello, and your client doesn't speak, or isn't configured to speak, SSLv2. You need to make a policy decision here. SSLv2 should have vanished from the face of the earth years ago, and sites that still use it are insecure. However, if you gotta talk to them, you just have to enable it at your end, if you can. I would complain to the site owners though if you can.

Censorious answered 14/3, 2013 at 22:9 Comment(5)
Although the error sounds like this, not sure if that is the case considering the same URL sometimes returns thiş error. Btw, in node-request, is there a way to enable both SSLv2 and SSLv3? Or, should I do this on the Wİndow OS level?Superheterodyne
That could happen if the site is a farm and there are different SSL levels in different elements: which would be a crazy setup, but if there is SSLv2 at all it is already crazy. I can't advise you about node.js but it is clearly using OpenSSL under the hood, and OpenSSL is highly configurable. I'd investigate the sites in question first though, you don't want to be enabling SSLv2 at your end without a really good reason.Censorious
Still couldn't identify the issue exactly. Once done, I'll be updating this entry.Superheterodyne
@Superheterodyne 4 years on, this is still an Issue. Getting the same error.Therese
@Therese Starting with Node v4+, I suggest using Node's default (SSLv23_method) as it it has the max compatibility in my experience. As an addition, SSLv3 support is dropped in Nodejs, so, if the website being requested expects SSLv3, that may be the issue.Superheterodyne
K
4

I had this problem (403 error for each package) and I found nothing great in the internet to solve it. My .npmrc file inside my user folder was wrong and misunderstood. I changed this npmrc line from

proxy=http://XX.XX.XXX.XXX:XXX/

to :

proxy = XX.XX.XXX.XXX:XXXX
Kuban answered 17/1, 2018 at 16:37 Comment(1)
Thank you so much! I was going crazy. This was the problem .net core too(linux) (but works in java): export http_proxy=x.x.x.x:8888 export https_proxy=x.x.x.x:8888Hettie
Q
2
var https = require('https');
https.globalAgent.options.secureProtocol = 'SSLv3_method';
Quechua answered 10/1, 2014 at 3:31 Comment(2)
did not solve my problem, but useful information thoBombard
SSLv3 is dangerous and obsolete ... instead use secureProtocol: "TLSv1_method"Jacquelinjacqueline
F
0

I got this error while connecting to Amazon RDS. I checked the server status 50% of CPU usage while it was a development server and no one is using it.

It was working before, and nothing in the connection configuration has changed. Rebooting the server fixed the issue for me.

Ferdy answered 24/2, 2017 at 14:26 Comment(0)
B
0

So in Short, 

vi ~/.proxy_info

export http_proxy=<username>:<password>@<proxy>:8080
export https_proxy=<username>:<password>@<proxy>:8080

source ~/.proxy_info

Hope this helps someone in hurry :)

Beckmann answered 5/9, 2018 at 6:24 Comment(1)
This does not explain why the suggestion could solve the problem.Hideaway
C
0

in my case (the website SSL uses ev curves) the issue with the SSL was solved by adding this option ecdhCurve: 'P-521:P-384:P-256'

request({ url, 
   agentOptions: { ecdhCurve: 'P-521:P-384:P-256', }
}, (err,res,body) => {
...

JFYI, maybe this will help someone

Crumpton answered 27/2, 2019 at 18:21 Comment(0)
C
0

I got this error, while using it on my rocketchat to communicate with my gitlab via enterprise proxy,

Because, was using the https://:8080 but actually, it worked for http://:8080

Cletus answered 28/8, 2019 at 2:1 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.