Hackney cannot access HTTPS - CLIENT ALERT: Fatal - Handshake Failure - malformed_handshake_data


I Gusti Ngurah Oka Prinarjaya
Hi,

I use hackney to fetch a web page, and I get an error when accessing a website over HTTPS, with the following error:

TLS client: In state certify at tls_connection.erl:966 generated CLIENT ALERT: Fatal - Handshake Failure - malformed_handshake_data

** exception error: no match of right hand side value {error,
                                                       {tls_alert,
                                                        {handshake_failure,
                                                         "received CLIENT ALERT: Fatal - Handshake Failure - malformed_handshake_data"}}}
     in function  handler_test_test_test:fetch_page/1 (/Users/okaprinarjaya/Oprek/Erlang-Oprek-Tiga/idea_execute/src/handler_test_test_test.erl, line 37)


Then I found this: https://github.com/benoitc/hackney/issues/362 . I tried to implement that GitHub issue, but it still failed and I still get the same error message. My code, based on the GitHub issue: https://pastebin.com/QeCc0tab

My environment:
1. macOS Mojave v10.14.6
2. Erlang/OTP 21 [erts-10.3] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:1]
3. I installed hackney this way through rebar3:
{hackney, ".*", {git, "git://github.com/benoitc/hackney.git", {branch, "master"}}}
and my current hackney version is 1.15.2

ssl:cipher_suites() 

[{ecdhe_ecdsa,aes_256_cbc,sha384,sha384},
 {ecdhe_rsa,aes_256_cbc,sha384,sha384},
 {ecdh_ecdsa,aes_256_cbc,sha384,sha384},
 {ecdh_rsa,aes_256_cbc,sha384,sha384},
 {dhe_rsa,aes_256_cbc,sha256},
 {dhe_dss,aes_256_cbc,sha256},
 {ecdhe_ecdsa,aes_128_cbc,sha256,sha256},
 {ecdhe_rsa,aes_128_cbc,sha256,sha256},
 {ecdh_ecdsa,aes_128_cbc,sha256,sha256},
 {ecdh_rsa,aes_128_cbc,sha256,sha256},
 {dhe_rsa,aes_128_cbc,sha256},
 {dhe_dss,aes_128_cbc,sha256},
 {ecdhe_ecdsa,aes_256_cbc,sha},
 {ecdhe_rsa,aes_256_cbc,sha},
 {dhe_rsa,aes_256_cbc,sha},
 {dhe_dss,aes_256_cbc,sha},
 {ecdh_ecdsa,aes_256_cbc,sha},
 {ecdh_rsa,aes_256_cbc,sha},
 {ecdhe_ecdsa,aes_128_cbc,sha},
 {ecdhe_rsa,aes_128_cbc,sha},
 {dhe_rsa,aes_128_cbc,sha},
 {dhe_dss,aes_128_cbc,sha},
 {ecdh_ecdsa,aes_128_cbc,sha},
 {ecdh_rsa,aes_128_cbc,sha}]

Please enlighten me.

Thank you 




Re: Hackney cannot access HTTPS - CLIENT ALERT: Fatal - Handshake Failure - malformed_handshake_data

Bram Verburg
Which exact Erlang/OTP version are you on? It seems to be 21.3, and if you're not on the very latest patch level you might get bitten by ssl bugs such as https://bugs.erlang.org/browse/ERL-968. That particular one was fixed in 21.3.8.5, and even though it was originally reported with a slightly different error response, the root cause does make handshake data appear malformed to the ssl state machine.

If that's not the issue, can you perhaps share a URL that triggers the issue?


On Tue, 26 Nov 2019 at 02:40, I Gusti Ngurah Oka Prinarjaya <[hidden email]> wrote:


Re: Hackney cannot access HTTPS - CLIENT ALERT: Fatal - Handshake Failure - malformed_handshake_data

I Gusti Ngurah Oka Prinarjaya
Hi,

Thank you for your reply. Unfortunately, for now I don't know exactly how to identify the exact patch-level version of my installed Erlang/OTP.

I've tried to run:
erlang:display(erlang:system_info(otp_release)).
but that command only displays "21".
{ok, Version} = file:read_file(filename:join([code:root_dir(), "releases", erlang:system_info(otp_release), "OTP_VERSION"])), io:fwrite(Version).
That command only displays 21.3.

And how do I update my Erlang/OTP version to the latest Erlang/OTP 21.3 patch release using kerl?
I installed the Erlang/OTP distribution using kerl at first, so I hope kerl is also able to update an existing installation.

Thank you




On Tue, 26 Nov 2019 at 14:00, Bram Verburg <[hidden email]> wrote:

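The patch-level check discussed in this thread, written out as an added example (not code from the thread or from the OTP project): it reads OTP_VERSION with the call quoted above and compares the result against the 21.3.8.5 level named for ERL-968. The module and function names are hypothetical, and because the thread gives a fix level only for the 21 series, other major releases are reported as other_branch instead of being compared numerically.

```erlang
%% Added example; module and function names are hypothetical.
-module(otp_patch_check).
-export([installed/0, ssl_vsn/0, parse/1, status/2, check/0]).

-define(FIXED, "21.3.8.5").  % fix level for ERL-968 as quoted in the thread

%% Full OTP version string, read the same way as in the thread.
installed() ->
    File = filename:join([code:root_dir(), "releases",
                          erlang:system_info(otp_release), "OTP_VERSION"]),
    case file:read_file(File) of
        {ok, Bin} -> {ok, string:trim(binary_to_list(Bin))};
        {error, _} = Err -> Err
    end.

%% Version of the ssl application itself, for installations where
%% OTP_VERSION alone is not conclusive.
ssl_vsn() ->
    _ = application:load(ssl),
    application:get_key(ssl, vsn).

%% "21.3.8.5" -> {[21,3,8,5], clean}. A trailing "**" marks a system
%% patched with otp_patch_apply, i.e. a mix of application versions.
parse(Vsn0) ->
    {Vsn, Flag} = case lists:suffix("**", Vsn0) of
                      true  -> {lists:sublist(Vsn0, length(Vsn0) - 2), patched};
                      false -> {Vsn0, clean}
                  end,
    [Base | _] = string:split(Vsn, "-"),   % drop suffixes such as "-rc1"
    {[list_to_integer(P) || P <- string:lexemes(Base, ".")], Flag}.

%% Compare only within the same major release: the thread gives a fix
%% level for the 21 series and none for other branches.
status(VsnStr, FixedStr) ->
    {V, Flag} = parse(VsnStr),
    {F, _} = parse(FixedStr),
    if
        hd(V) =/= hd(F)  -> other_branch;
        Flag =:= patched -> mixed_apps;       % fall back to ssl_vsn/0
        V >= F           -> at_or_above_fix;
        true             -> below_fix
    end.

check() ->
    case installed() of
        {ok, Vsn} -> {Vsn, status(Vsn, ?FIXED), ssl_vsn()};
        Err -> Err
    end.
```

Compile it in the erl shell with c(otp_patch_check). and call otp_patch_check:check(). For the OTP_VERSION value 21.3 reported above, status/2 returns below_fix.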

Re: Hackney cannot access HTTPS - CLIENT ALERT: Fatal - Handshake Failure - malformed_handshake_data

I Gusti Ngurah Oka Prinarjaya
Hi,

Yes, you are correct @Bram Verburg, I got bitten by ssl bugs. So now I use Erlang/OTP 22.1.8 and the problem is solved!

Thank you 




On Tue, 26 Nov 2019 at 15:02, I Gusti Ngurah Oka Prinarjaya <[hidden email]> wrote: