[Bug]: Unhandled ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC causes crash during long sessions

[LyalinDotCom]

What happened?

I was using the Gemini CLI to inspect my project (nanobanana-cli) during a long session. It was working perfectly for a while until it hit a transient SSL error and completely stopped execution, breaking my workflow.

I had to manually restart the task, which worked immediately. I am including the full terminal and F12 debug output below for context on where the crash occurred.

Error Log:

✕ [API Error: request to
https://cloudcode-pa.googleapis.com/v1internal:streamGenerateContent?alt=sse failed, reason:
402CE20302000000:error:0A0003FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record
mac:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1605:SSL alert number 20
]

6 GEMINI.md files | 7 MCP servers

╭─────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Debug Console (F12 to close) │
│ │
│ fetch/lib/index.js:1501:11) │
│ at ClientRequest.emit (node:events:518:28) │
│ at emitErrorEvent (node:_http_client:104:11) │
│ at TLSSocket.socketErrorListener (node:_http_client:518:5) │
│ at TLSSocket.emit (node:events:518:28) │
│ at TLSSocket._emitTLSError (node:_tls_wrap:1034:10) │
│ at TLSWrap.onerror (node:_tls_wrap:475:11) │
│ at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17) { │
│ type: 'system', │
│ errno: 'ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC', │
│ code: 'ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC' │
│ }, │
│ code: 'ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC', │
│ [Symbol(gaxios-gaxios-error)]: '6.7.1' █│
│ } █│
╰─────────────────────────────────────────────────────────────────────────────────────────────────╯
╭─────────────────────────────────────────────────────────────────────────────────────────────────╮
│ > Type your message or @path/to/file │
╰─────────────────────────────────────────────────────────────────────────────────────────────────╯
~/.../nanobanana-cli no sandbox gemini-3-pro-preview /model

What did you expect to happen?

I expect the Gemini CLI to be resilient to transient network or SSL glitches. It clearly could have given I just said "try again" and it worked without restarting Gemini CLI.

This error (ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC) was temporary—simply retrying the request worked immediately. The CLI should have detected this as a recoverable network error and attempted an auto-retry internally, rather than crashing the process and forcing me to restart my session manually. It should not break the user's flow for a one-off socket error.

Client information

│ About Gemini CLI │
│ │
│ CLI Version 0.27.0-nightly.20260121.97aac696f │
│ Git Commit 20e5496 │
│ Model gemini-3-pro-preview │
│ Sandbox no sandbox │
│ OS darwin │
│ Auth Method OAuth

Login information

OAuth, AI Ultra subscription

Anything else we need to know?

No response

[gemini-cli]

Found possible duplicate issues:

• Error "Error when talking to Gemini API" #2508
• Gemini reports: CRITICAL: Unhandled Promise Rejection! #9136
• [API Error: request to https://cloudcode-pa.googleapis.com/v1internal:countTokens failed, reason: ] #5095
• ✕ [API Error: exception TypeError: fetch failed sending request] (No proxy) #5542
• Gemini CLI crashed and stopped responding #10389
• API error every time... #10745
• Error when talking to Gemini API #8319
• file:///usr/local/Cellar/gemini-cli/0.1.14/libexec/lib/node_modules/@google/gemini-cli/dist/src/ui/hooks │ │ /useGeminiStream.js:326:26 │ │ at async │ │ file:///usr/local/Cellar/gemini-cli/0.1.14/libexec/lib/node_modules/@google/gemini-cli/dist/src/ui/hook #4986
• [API Error: Premature close] #4230
• Errors that occur during tool execution (like WriteFile) are irrecoverable & impossible to report #11134

If you believe this is not a duplicate, please remove the status/possible-duplicate label.

[ppgranger]

/assign