Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ssl related error @ routines:ssl3_read_bytes:sslv3 #17936

Closed
jloa opened this issue Jan 1, 2018 · 3 comments
Closed

ssl related error @ routines:ssl3_read_bytes:sslv3 #17936

jloa opened this issue Jan 1, 2018 · 3 comments
Labels
openssl Issues and PRs related to the OpenSSL dependency. tls Issues and PRs related to the tls subsystem.

Comments

@jloa
Copy link

jloa commented Jan 1, 2018

Version: 9.0.3
Platform: win10 x64
Subsystem: ssl

Made a simple api https server (code's bellow). All works fine but from time to time server randomly crashes with this error:

Error: 140147404642112:error:140943F2:SSL routines:ssl3_read_bytes:sslv3 alert unexpected message:../deps/openssl/openssl/ssl/s3_pkt.c:1500:SSL alert number 10

Any ideas why this happens/how to fix this? And what stands for error number 10?
Any help much appreciated.

var fs = require('fs');
var app = require('express')();
var port = 5000;
var key = fs.readFileSync('my.crt');
var cert = fs.readFileSync('my.key');
var server = require('https').Server({ 'key': privateKey, 'cert': certificate }, app);
server.listen(port, function() {
	Logger.info('listening on *:'+port);
});
@tniessen tniessen added openssl Issues and PRs related to the OpenSSL dependency. tls Issues and PRs related to the tls subsystem. labels Jan 1, 2018
@bnoordhuis
Copy link
Member

Alert 10 is 'unexpected message.' The other end of the connection is saying it didn't expect something on the TLS protocol level but without going into details.

When you say "crash", you mean "throws an exception"?

@jloa
Copy link
Author

jloa commented Jan 2, 2018

When you say "crash", you mean "throws an exception"?

Yes. And the thing is that it happens randomly whenever a web-socket client connects to node.
uncaughtException: 140147404642112:error:140943F2:SSL routines:ssl3_read_bytes:sslv3 alert unexpected message:../deps/openssl/openssl/ssl/s3_pkt.c:1500:SSL alert number 10

Also i've downgraded to node version 4.4.7 and it seems like there's no such problem.
It's kinda hard to reproduce this error though - i just make constant ws connection with a timeout of 1000ms and after some time on latest node i get this exception.
Left node 4.4.7 to run for 1 hour - no errors.

Also the cert is valid and verified by GeoTrust SSL CA - G3 (not self-signed)

@bnoordhuis
Copy link
Member

v4.4.7 uses a slightly older version of openssl (1.0.2g vs. 1.0.2n) so that might explain it. Without a tcpdump or wireshark trace it's hard to say what exactly is going on.

It's probably an old or buggy TLS client but it doesn't really matter: alerts are part of the protocol, the other end can send them at almost any time for almost any reason. Log the error and move on; that's about all you can do, practically speaking.

I'll close this out. If you have follow-up questions, can you post them to the help repo? Cheers.

sam-github added a commit to sam-github/node that referenced this issue Apr 26, 2019
Enable the same trace output that the OpenSSL s_client and s_server
support with their `-trace` option. This is invaluable when debugging
reports of TLS bugs as well as when debugging the internal TLS
implementation.

See:
- nodejs#25383
- nodejs#17936
- postmanlabs/postman-app-support#5918 (comment)
sam-github added a commit that referenced this issue Apr 29, 2019
Enable the same trace output that the OpenSSL s_client and s_server
support with their `-trace` option. This is invaluable when debugging
reports of TLS bugs as well as when debugging the internal TLS
implementation.

See:
- #25383
- #17936
- postmanlabs/postman-app-support#5918 (comment)

PR-URL: #27376
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
targos pushed a commit that referenced this issue Apr 30, 2019
Enable the same trace output that the OpenSSL s_client and s_server
support with their `-trace` option. This is invaluable when debugging
reports of TLS bugs as well as when debugging the internal TLS
implementation.

See:
- #25383
- #17936
- postmanlabs/postman-app-support#5918 (comment)

PR-URL: #27376
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
openssl Issues and PRs related to the OpenSSL dependency. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Development

No branches or pull requests

3 participants