74

I'm using the node-request module, regularly sending GET requests to a set of URLs and, sometimes, getting the error below on some sites.

Error: 29472:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:openssl\ssl\s23_clnt.c:683

The problem is that I don't get this error always or always on the some URLs, just sometimes. Also, it can't be ignored with "strictSSL: false".

I have read that this can be related to me sending SSL requests with the wrong protocol (SSLv2, SSLv3, TLS..). But this doesn't explain why it happens irregularly.

Btw, I'm running nodejs on a Win 2008 server.

Any help is appreciated.

Ben
  • 54,723
  • 49
  • 178
  • 224
umutm
  • 2,832
  • 4
  • 22
  • 22

10 Answers10

115

You will get such error message when you request HTTPS resource via wrong port, such as 80. So please make sure you specified right port, 443, in the Request options.

Gaf King
  • 1,159
  • 2
  • 7
  • 2
18

This was totally my bad.

I was using standard node http.request on a part of the code which should be sending requests to only http adresses. Seems like the db had a single https address which was queried with a random interval.

Simply, I was trying to send a http request to https.

umutm
  • 2,832
  • 4
  • 22
  • 22
  • 6
    The error looks more like sending https request to http port? – Michael Krelin - hacker May 24 '13 at 12:10
  • 2
    The error message shows clearly that you were using HTTPS, i.e. SSL, and that the server sent you an 'unknown protocol' message, also in SSL. You don't speak either HTTP or HTTPS to databases. Answer doesn't make sense. – user207421 Oct 14 '16 at 20:28
7

I got this error because I was using require('https') where I should have been using require('http').

Ben
  • 54,723
  • 49
  • 178
  • 224
4

Some of the sites are speaking SSLv2, or at least sending an SSLv2 server-hello, and your client doesn't speak, or isn't configured to speak, SSLv2. You need to make a policy decision here. SSLv2 should have vanished from the face of the earth years ago, and sites that still use it are insecure. However, if you gotta talk to them, you just have to enable it at your end, if you can. I would complain to the site owners though if you can.

user207421
  • 305,947
  • 44
  • 307
  • 483
  • Although the error sounds like this, not sure if that is the case considering the same URL sometimes returns thiş error. Btw, in node-request, is there a way to enable both SSLv2 and SSLv3? Or, should I do this on the Wİndow OS level? – umutm Mar 15 '13 at 08:56
  • That could happen if the site is a farm and there are different SSL levels in different elements: which would be a crazy setup, but if there is SSLv2 at all it is already crazy. I can't advise you about node.js but it is clearly using OpenSSL under the hood, and OpenSSL is highly configurable. I'd investigate the sites in question first though, you don't want to be enabling SSLv2 at your end without a really good reason. – user207421 Mar 16 '13 at 00:40
  • 1
    Still couldn't identify the issue exactly. Once done, I'll be updating this entry. – umutm Mar 26 '13 at 11:48
  • 1
    @umutm 4 years on, this is still an Issue. Getting the same error. – Dojo Jan 30 '17 at 21:38
  • @Dojo Starting with Node v4+, I suggest using Node's default (SSLv23_method) as it it has the max compatibility in my experience. As an addition, SSLv3 support is dropped in Nodejs, so, if the website being requested expects SSLv3, that may be the issue. – umutm Feb 01 '17 at 21:27
4

I had this problem (403 error for each package) and I found nothing great in the internet to solve it. My .npmrc file inside my user folder was wrong and misunderstood. I changed this npmrc line from

proxy=http://XX.XX.XXX.XXX:XXX/

to :

proxy = XX.XX.XXX.XXX:XXXX
koppor
  • 19,079
  • 15
  • 119
  • 161
Flament Mickaël
  • 354
  • 2
  • 10
  • Thank you so much! I was going crazy. This was the problem .net core too(linux) (but works in java): export http_proxy=http://x.x.x.x:8888 export https_proxy=https://x.x.x.x:8888 – dtroy Apr 15 '18 at 14:48
2
var https = require('https');
https.globalAgent.options.secureProtocol = 'SSLv3_method';
user3180229
  • 37
  • 2
0

I got this error while connecting to Amazon RDS. I checked the server status 50% of CPU usage while it was a development server and no one is using it.

It was working before, and nothing in the connection configuration has changed. Rebooting the server fixed the issue for me.

Diaa Kasem
  • 1
  • 1
0

So in Short, 

vi ~/.proxy_info

export http_proxy=<username>:<password>@<proxy>:8080
export https_proxy=<username>:<password>@<proxy>:8080

source ~/.proxy_info

Hope this helps someone in hurry :)

Prateek Mishra
  • 1,226
  • 10
  • 21
0

in my case (the website SSL uses ev curves) the issue with the SSL was solved by adding this option ecdhCurve: 'P-521:P-384:P-256'

request({ url, 
   agentOptions: { ecdhCurve: 'P-521:P-384:P-256', }
}, (err,res,body) => {
...

JFYI, maybe this will help someone

Denisix
  • 106
  • 1
0

I got this error, while using it on my rocketchat to communicate with my gitlab via enterprise proxy,

Because, was using the https://:8080 but actually, it worked for http://:8080

MohanBabu
  • 407
  • 5
  • 14