cy.visit() results in ERR_SSL_VERSION_OR_CIPHER_MISMATCH

[jennifer-shehane]

Is this a Feature or Bug?

Bug

Current behavior:

In some circumstances, users encounter this error when visiting their application:

This site can't provide a secure connection
xxx uses an unsupported protocol
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

If you encounter this bug, please try to paste any test code or information you can below as we have been unable to reproduce this issue.

Theory
The problem is likely the way the user's server is self signing the cert and it is confusing the Cypress proxy, which ultimately confuses the browser.

[jennifer-shehane]

Issues from gitter:
https://gitter.im/cypress-io/cypress?at=5996055576a757f808b65217
https://gitter.im/cypress-io/cypress?at=59bbfd21210ac26920361246
https://gitter.im/cypress-io/cypress?at=59e7ccdcd6c36fca316b4ce1

[radiovisual]

@jennifer-shehane , I believe I am having this same issue. If you don't think this is related, I can open a new issue.

I am using Cypress 1.0.3 on MacOS 10.13

It doesn't matter if I set "chromeWebSecurity" to true or false, when I try to run this test code:

describe('Should allow Chrome Extension to be injected', function() {
    beforeEach(function(){
        cy.visit('https://github.com/willklein/github-markdown-menu');
    });

    it('.should() - do something', function () {
        expect(true).to.equal(false);
    });
});

Instead of getting the expected assertion failure, Cypress tells me that there isn't any tests to run (after it tries to visit the url)

But if I change the URL to a domain that doesn't require https, then the test fails as expected:

describe('Should allow Chrome Extension to be injected', function() {
    beforeEach(function(){
        cy.visit('http://mrdoob.com');
    });

    it('.should() - find the extension', function () {
        expect(true).to.equal(false);
    });
});

[brian-mann]

@radiovisual the issue you're having is not related to the one that @jennifer-shehane opened.

Additionally, your issue has nothing to do with https as well. Https works just fine in Cypress. A quick test with cy.visit('https://example.com') proves that.

The problem that you're showing is that Github has security mechanisms in place that defeat the automation capabilities of Cypress. This has been documented and talked about on here many many times. When you visit Github these security features are redirecting Cypress. The code looks as simple as this:

if (window.top !== window.self) {
  window.location.back()
}

However, this problem is simple to work around. You shouldn't be testing sites that you don't control. Test your own applications - and if your own applications have these security mechanisms then you should disable them while in testing environment.

[brian-mann]

Here's a much more comprehensive answer that I've given for this exact scenario:

#392 (comment)

[radiovisual]

Thanks @brian-mann, I only put that test code up there as an example, but I do understand the importance of only testing apps that are under your control, I was trying to prepare a simpler test case to demonstrate the problem in #876, but then when it wouldn't run my simple use case, I ran into a problem that felt a lot like this issue, but yes, now I see that they are different.

Anyway, thanks for the input. 👍

[hskrtich]

I have made a small repo with a docker image that will setup apache with a self signed ssl cert that shows this error.

https://github.com/bskrtich/cypress-ssl-mismatch

Let me know if you have any questions.

[brian-mann]

@bskrtich oh thank you. this should be enough to figure it out.

[Graham42]

Does anyone have a workaround for this?

[jennifer-shehane]

@radiovisual Some updates to frame-busting changes we're making can be read here: #886

[zhnli]

This issue still exists in 2.0.0. It's a show stopper for us.

[joshdk]

I did some additional digging into what causes this issue, and it appears that this is triggered specifically by using cy.visit() to visit an IP address over HTTPS, where the resource returns a 200 OK status code with a content-type of text/html.

Inspired by @bskrtich's example, I have created joshdk/cypress-ssl-repro as a minimal repro with documentation.

Additionally, I had some observations while testing:

• Using the cy.request() function never caused this behavior.
• Changing the SSL certificate CN had no impact.
• Changing the Nginx server_name had no impact.
• Changing the Nginx ssl_protocols or ssl_ciphers had no impact.
• Changing the listening Nginx/Docker port had no impact.

I hope that this helps folks resolve the issue!

• Operating System: macOS High Sierra (Version 10.13.2 (17C88))
• Cypress Version: 2.0.0
• Browser Version: Chrome 64 - (64.0.3282.167 (Official Build) (64-bit))

[jennifer-shehane]

@joshdk This is great! I forked your repo and added the cypress tests so we can get it up and running more quickly.

In https://github.com/cypress-io/cypress-ssl-repro

• make sure you have docker running.
• run npm start
• run npm test