Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error in connecting to https website with sslv3 disabled #239

Closed
outersky opened this issue Jan 12, 2015 · 10 comments
Closed

Error in connecting to https website with sslv3 disabled #239

outersky opened this issue Jan 12, 2015 · 10 comments
Labels
A-client Area: client. C-bug Category: bug. Something is wrong. This is bad!

Comments

@outersky
Copy link

Failed to connect: HttpIoError(IoError { kind: OtherIoError, desc: "Error in OpenSSL", detail: Some("[UnknownError { library: "SSL routines", function: "SSL23_GET_SERVER_HELLO", reason: "sslv3 alert handshake failure" }]") })

@seanmonstar seanmonstar added C-bug Category: bug. Something is wrong. This is bad! A-client Area: client. labels Jan 15, 2015
@seanmonstar
Copy link
Member

The site in question has another version enabled?

@shaleh
Copy link

shaleh commented Apr 26, 2016

I am getting this when enabling a https proxy using the new code.

$ cargo run --example client https://google.com/
     Running `/home/perryse/repos/rust/hyper-upstream/target/debug/examples/client https://google.com/`
thread '<main>' panicked at 'called `Result::unwrap()` on an `Err` value:  Ssl(OpenSslErrors([UnknownError { library: "SSL routines", function:  "SSL23_GET_SERVER_HELLO", reason: "unknown protocol" }]))', ../src/libcore/result.rs:746

note: Run with RUST_BACKTRACE=1 for a backtrace.
Process didn't exit successfully: /home/perryse/repos/rust/hyper-upstream/target/debug/examples/client https://google.com/ (exit code: 101)

Here is the diff I applied to the sample client.

diff --git a/examples/client.rs b/examples/client.rs                                                   
index 6d6a938..9c1edc8 100644                                                                          
--- a/examples/client.rs                                                                               
+++ b/examples/client.rs                                                                               
@@ -20,7 +20,8 @@ fn main() {                                                                          
         }                                                                                             
     };                                                                                                

-    let client = Client::new();                                                                       
+   let mut client = Client::new();                                                                   
+   client.set_proxy("https", "my-proxy-server", 8080);                                               

     let mut res = client.get(&*url)                                                                   
         .header(Connection::close())

@seanmonstar
Copy link
Member

@shaleh hm, i wonder if these improved options would help? https://github.com/hyperium/hyper/tree/openssl-opts

@shaleh
Copy link

shaleh commented Apr 27, 2016

I will test it out tomorrow.

@shaleh
Copy link

shaleh commented Apr 27, 2016

No dice.

$ git log -n 2
commit 46bef474f815da055816b6e76700575b350382bf
Merge: eb2f90a 273e411
Author: Sean Perry <>
Date:   Wed Apr 27 08:12:02 2016 -0700

    Merge remote-tracking branch 'origin/openssl-opts' into shaleh/debug-proxy

commit 273e411a106dd8fd31efa8de7a969d0ffad64f47
Author: Sean McArthur <sean.monstar@gmail.com>
Date:   Tue Apr 26 18:37:49 2016 -0700

    feat(ssl): improve default options for Openssl server and client

Here is the trace

$ RUST_BACKTRACE=1 cargo run --example client https://google.com/
Running `target/debug/examples/client https://google.com/`
thread '<main>' panicked at 'called `Result::unwrap()` on an `Err` value:   Ssl(OpenSslErrors([UnknownError { library: "SSL routines", function:  "SSL23_GET_SERVER_HELLO", reason: "unknown protocol" }]))', ../src/libcore/result.rs:746
stack backtrace:
   1:     0x7f746224c040 - sys::backtrace::tracing::imp::write::h3675b4f0ca767761Xcv
   2:     0x7f746224e7cb -  panicking::default_handler::_$u7b$$u7b$closure$u7d$$u7d$::closure.44519
   3:     0x7f746224e438 - panicking::default_handler::h18faf4fbd296d909lSz
   4:     0x7f74622423fc - sys_common::unwind::begin_unwind_inner::hfb5d07d6e405c6bbg1t
   5:     0x7f7462242888 - sys_common::unwind::begin_unwind_fmt::h8b491a76ae84af35m0t
   6:     0x7f746224b5f1 - rust_begin_unwind
   7:     0x7f746227decf - panicking::panic_fmt::h98b8cbb286f5298alcM
   8:     0x7f746209808d - result::unwrap_failed::h7894835727094893990
                    at ../src/libcore/macros.rs:29
   9:     0x7f7462095a32 - result::Result<T, E>::unwrap::h2608118172930375710
                    at ../src/libcore/result.rs:687
  10:     0x7f7462093ad9 - main::h699de4ed11b187dfkaa
                    at examples/client.rs:27
  11:     0x7f746224e094 - sys_common::unwind::try::try_fn::h14622312129452522850
  12:     0x7f746224b57b - __rust_try
  13:     0x7f746224db2b - rt::lang_start::h0ba42f7a8c46a626rKz
  14:     0x7f74620aa739 - main
  15:     0x7f7460df7ec4 - __libc_start_main
  16:     0x7f7462093628 - <unknown>
  17:                0x0 - <unknown>
Process didn't exit successfully: `target/debug/examples/client https://google.com/` (exit code: 101)

@shaleh
Copy link

shaleh commented Apr 27, 2016

Ok, this one is my fault. But may be helpful to others.

While trying to debug proxy support I had setup a proxy using scheme = HTTPS. But HTTPS is not actually supported. All traffic needs to go through HTTP, then HTTPS if needed. This was the cause of the odd ssl error. A quick way to debug this:

$ openssl s_client -connect my-proxy:8080
CONNECTED(00000004)
140284460365472:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

@seanmonstar I opened #774 to track the issue using a proxy.

@seanmonstar
Copy link
Member

@shaleh so, the issue in this case was connecting to https://my-proxy:8080 when my-proxy doesn't support SSL?

@shaleh
Copy link

shaleh commented Apr 27, 2016

correct

@sfackler
Copy link
Contributor

Seems like this can be closed.

@seanmonstar
Copy link
Member

SSL was removed from hyper, see #985.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-client Area: client. C-bug Category: bug. Something is wrong. This is bad!
Projects
None yet
Development

No branches or pull requests

4 participants