25

TLDR

I get the following error when attempting to download a zip file from github using https.request via my company proxy:

An error occured whilst trying to download Casper.JS 140735122252160:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:../deps/openssl/openssl/ssl/s3_pkt.c:337:

More information

I'm attempting to edit the grunt-casperjs install script to allow myself and my colleagues to install behind our proxy. The script fetches Casper from Github and downloads it. Originally the script didn't support a proxy so I copied the grunt-phantomjs proxy support. Phantomjs is downloaded via a http connection and this works fine via our proxy (if I change it to a https URL it fails with the same error).

I have attempted the following:

  • I added https.globalAgent.options.secureProtocol = 'SSLv3_method'; as previously an unknown protocol error was displayed.
  • Using curl, the request completes fine
  • Updated OpenSSL and Node
  • I added https.globalAgent.options.secureOptions = 'SSL_OP_NO_TLSv1'; but this results in node returning with no message after the request is made

Reduced test case

var https = require('https');
https.globalAgent.options.secureProtocol = 'SSLv3_method'

var url = require('url');
var downloadUrl = 'https://codeload.github.com/n1k0/casperjs/zip/1.0.3'
var proxy = 'https://username:password@IP:port';

var options = url.parse(proxy);
options.path = downloadUrl;
options.headers = { Host: url.parse(downloadUrl).host }
// If going through proxy, spoof the User-Agent, since may commercial proxies block blank or unknown agents in headers
options.headers['User-Agent'] = 'curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5'
// Turn basic authorization into proxy-authorization.
options.headers['Proxy-Authorization'] = 'Basic ' + new Buffer(options.auth).toString('base64');
delete options.auth;

var request = https.get(options, function(response) {
    console.log('response received');
}).on('error', function(e) {
    console.log('An error occurred whilst trying to download Casper.JS ' + e.message);
});

Original Code

function downloadZipFromGithub() {
    var file = fs.createWriteStream(path.join(tmpPath, "archive.zip"));
    var lengthSoFar = 0;
    var npmconfDeferred = kew.defer();
    npmconf.load(npmconfDeferred.makeNodeResolver());

    npmconfDeferred.then(function(conf){
        var requestOptions = getRequestOptions(conf.get('https-proxy'));

        https.globalAgent.options.secureProtocol = 'SSLv3_method';

        var request = https.get(requestOptions, function(response) {
            if (response.statusCode === 301 || response.statusCode === 302) {
                downloadUrl = response.headers.location;
                downloadZipFromGithub();
            } else {
                response.pipe(file);
                response.on('data', function(chunk) {
                    console.log('Receiving ' + Math.floor((lengthSoFar += chunk.length) / 1024) + 'K...' );
                }).
                    on('end', unzipTheZippedFile).
                    on('error', function(e) {
                        console.log('An error occured whilst trying to download Casper.JS ' + e.message);
                        tidyUp();
                    });
            }
         }).on('error', function(e) {
            console.log('An error occured whilst trying to download Casper.JS ' + e.message);
            tidyUp();
        });
     });
 }

function getRequestOptions(proxyUrl) {
    if (proxyUrl) {
        var options = url.parse(proxyUrl);
        options.path = downloadUrl;
        options.headers = { Host: url.parse(downloadUrl).host }
        // If going through proxy, spoof the User-Agent, since may commerical proxies block blank or unknown agents in headers
       options.headers['User-Agent'] = 'curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5'
        // Turn basic authorization into proxy-authorization.
        if (options.auth) {
            options.headers['Proxy-Authorization'] = 'Basic ' + new Buffer(options.auth).toString('base64');
            delete options.auth;
        }

        return options;
    } else {
        return url.parse(downloadUrl);
    }
}
foiseworth
  • 951
  • 2
  • 11
  • 19
  • "wrong version number ... `SSLv3_method`" - typically you use the `SSLv23_method` and then remove undesired protocols like SSLv2 with `SSL_OP_NO_SSLv2`. That gets you SSLv3 and above. In fact, I usually use `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` for TLSv1.0 and above (I've never had a problem with using TLS exclusively). Unfortunately, I don't know how to do it in Javascript. – jww Jan 07 '14 at 18:29
  • Please check this out: https://stackoverflow.com/questions/50840101/curl-35-error1408f10bssl-routinesssl3-get-recordwrong-version-number – Michel Gokan Khan Nov 13 '18 at 11:22
  • I came across this error using axios and found I had to specify the port (443) in the baseUrl. https://:443/ – sfanjoy Jun 27 '19 at 19:25

3 Answers3

31

None of the above solutions worked for me, but I was able to resolve my issues by updating the https-proxy URL from an httpS URL to an http URL

What Would Be Cool
  • 6,204
  • 5
  • 45
  • 42
Ampp3
  • 601
  • 1
  • 7
  • 12
14

It looks like this error is caused when squid (the proxy) does not have https enabled or you're connecting to the wrong port.

Source: https://github.com/joyent/node/issues/6779

foiseworth
  • 951
  • 2
  • 11
  • 19
0

This should be possible using the Request module (npm install request). The below works for standard HTTPS requests over an HTTP proxy. As you are tunnelling the HTTPS request to the end server (in this example Github) I'm not sure its necessary for the proxy to also be HTTPS.

var request = require('request');

var proxy = 'http://username:password@IP:port';
var downloadUrl = 'https://codeload.github.com/n1k0/casperjs/zip/1.0.3'
var options = {
    proxy: proxy,
    url: downloadUrl
};

function callback(error, response, body) {
  console.log(error);
  console.log(response);        
    if (!error && response.statusCode == 200) {
        console.log(body);        
    }

}

request(options, callback);
Tim Williams
  • 318
  • 2
  • 6