curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number #3

Open
serapath opened this issue Aug 17, 2020 · 8 comments


@serapath

just installed it and made a file server.js

const AutoEncryptLocalhost = require('@small-tech/auto-encrypt-localhost')
const server = AutoEncryptLocalhost.https.createServer()

it says it's running:

   📜    ❨auto-encrypt-localhost❩ Local development TLS certificate exists.
   ✨    ❨auto-encrypt-localhost❩ HTTP server is listening on port 80.
Web server is running at https://localhost
ips [ '127.0.0.1', '192.168.0.13' ]
   👉    ❨auto-encrypt-localhost❩ Redirecting HTTP request to HTTPS.
   👉    ❨auto-encrypt-localhost❩ Redirecting HTTP request to HTTPS.

but opening https://localhost:80 in google chrome gives me:

This site can’t provide a secure connection
localhost sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

and using curl https://localhost:80 gives me:

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Something seems to not work properly, but I don't have much experience with certificates yet.
Any help is appreciated :-)

@serapath
Author

Here the same with curl and the --verbose flag

* Rebuilt URL to: https://localhost:80/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 80 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

@serapath
Author

serapath commented Aug 17, 2020

I'm running Linux Mint 19.3

when I initially ran the auto-encrypt-localhost server it logged:

   📜    ❨auto-encrypt-localhost❩ Setting up…
   📜    ❨auto-encrypt-localhost❩ Installing certutil dependency (Linux) using apt… 
[sudo] password for serapath:           
   📜    ❨auto-encrypt-localhost❩ Creating local certificate authority (local CA) using mkcert…
   📜    ❨auto-encrypt-localhost❩ Local certificate authority created.
   📜    ❨auto-encrypt-localhost❩ Creating local TLS certificates using mkcert…
   📜    ❨auto-encrypt-localhost❩ Local TLS certificates created.
events.js:291
      throw er; // Unhandled 'error' event
      ^

Error: listen EACCES: permission denied 0.0.0.0:80

So I followed the README and did sudo sysctl -w net.ipv4.ip_unprivileged_port_start=0 net.ipv4.ip_unprivileged_port_start = 0, after which it ran and logged:

   📜    ❨auto-encrypt-localhost❩ Local development TLS certificate exists.
   ✨    ❨auto-encrypt-localhost❩ HTTP server is listening on port 80.
Web server is running at https://localhost

PROBLEM

  • In firefox I get Error code: SSL_ERROR_RX_RECORD_TOO_LONG with auto-encrypt-localhost module.
  • running: openssl s_client -connect localhost:80 for auto-encrypt-localhost gives me:
CONNECTED(00000005)
140364042203584:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 311 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

I found another module https://www.npmjs.com/package/https-localhost which seems to do something similar to auto-encrypt-localhost, and when it runs, I can actually navigate to https://localhost and the server responds, but google chrome still tells me the certificate is invalid.

  • In firefox I get Error code: SEC_ERROR_BAD_SIGNATURE with that https-localhost module.
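
Added example, not part of the thread or the project's code: the 5 bytes that `openssl s_client` reports reading from port 80 are the size of one TLS record header, and decoding the start of a plaintext HTTP reply as such a header yields both a non-3 major version ("wrong version number") and an over-limit length ("record too long"). It assumes the port 80 listener answers with an HTTP status line; the function names and the sample reply are constructed for illustration.

```javascript
// Added example (not from the issue thread): decode the first five bytes a
// server sends back as a TLS record header, the way a TLS client would.
const net = require('net')

const MAX_RECORD_LENGTH = 16384 + 2048 // TLS 1.2 ciphertext record limit (2^14 + 2048)
const CONTENT_TYPES = { 20: 'change_cipher_spec', 21: 'alert', 22: 'handshake', 23: 'application_data' }

function parseRecordHeader (bytes) {
  const buf = Buffer.from(bytes)
  if (buf.length < 5) return { verdict: 'short-read', detail: `only ${buf.length} byte(s) received` }
  const header = {
    contentType: buf[0],
    versionMajor: buf[1],
    versionMinor: buf[2],
    length: buf.readUInt16BE(3)
  }
  const problems = []
  if (!(header.contentType in CONTENT_TYPES)) problems.push('unknown content type')
  if (header.versionMajor !== 3) problems.push('wrong version number')
  if (header.length > MAX_RECORD_LENGTH) problems.push('record too long')
  let verdict = problems.length === 0 ? 'tls' : 'not-tls'
  if (buf.toString('latin1', 0, 5) === 'HTTP/') verdict = 'plaintext-http' // HTTP status line, not a TLS record
  return { ...header, problems, verdict }
}

// Live check (hypothetical helper): send a TLS-shaped record header to a port
// and classify the first five bytes of whatever comes back.
function probePort (port, host = '127.0.0.1', timeoutMs = 2000) {
  return new Promise((resolve) => {
    const chunks = []
    const socket = net.connect({ port, host }, () => socket.write(Buffer.from([22, 3, 1, 0, 0])))
    socket.setTimeout(timeoutMs, () => socket.destroy())
    socket.on('data', (d) => { chunks.push(d); if (Buffer.concat(chunks).length >= 5) socket.destroy() })
    socket.on('error', (err) => resolve({ verdict: 'connect-error', detail: err.code }))
    socket.on('close', () => resolve(parseRecordHeader(Buffer.concat(chunks))))
  })
}

// Constructed sample: the start of the plaintext reply an HTTP-only listener sends.
const sample = parseRecordHeader(Buffer.from('HTTP/1.1 400 Bad Request\r\n', 'latin1'))
console.log(sample)
```

To check a local listener, call `probePort(80).then(console.log)` and `probePort(443).then(console.log)`; a `plaintext-http` verdict means the port is not speaking TLS at all, and `connect-error` with `ECONNREFUSED` means nothing is listening there.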

@serapath
Author

Is there a way to:

  1. remove the certificate?
  2. check the certificate?
  3. list all the certificates?

It seems something with the certificate didn't properly work, but I'm not sure how to debug that.
I'm happy for any pointers :-)

@aral
Contributor

aral commented Aug 17, 2020

Hmm, sorry for the hassle. It seems like the initial run permission error might be to blame. I will look into how we can handle that better.

In the meanwhile, can you please try deleting the configuration and trying again? The following should do it:

 rm -rf ~/.small-tech/auto-encrypt-localhost

@serapath
Author

serapath commented Aug 18, 2020

Oh, didn't notice that it created this in my home folder. I removed it.
Sadly, it still didn't solve the issue.

node serve.js 
   📜    ❨auto-encrypt-localhost❩ Setting up…
   📜    ❨auto-encrypt-localhost❩ Creating local certificate authority (local CA) using mkcert…
Sudo password:          
   📜    ❨auto-encrypt-localhost❩ Local certificate authority created.
   📜    ❨auto-encrypt-localhost❩ Creating local TLS certificates using mkcert…
   📜    ❨auto-encrypt-localhost❩ Local TLS certificates created.
   ✨    ❨auto-encrypt-localhost❩ HTTP server is listening on port 80.
Web server is running at https://localhost

But visiting https://localhost doesn't do anything, but visiting https://localhost:80 at least seems to exist:

  • firefox
Secure Connection Failed

An error occurred during a connection to localhost:80.
SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG
  • google chrome
This site can’t provide a secure connection
localhost sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

For comparison, trying with https://localhost or https://localhost:443 or https://localhost:54321 gives me:

  • firefox
Unable to connect
Firefox can’t establish a connection to the server at localhost.
  • google chrome
This site can’t be reached
localhost refused to connect.
ERR_CONNECTION_REFUSED

Which at least tells me, both browsers found something and not nothing, but it still doesn't work.

@aral
Contributor

aral commented Aug 18, 2020

What platform are you testing on? Let me know and I’ll try and reproduce.

@serapath
Author

serapath commented Aug 18, 2020

Thx :-)

#3 (comment) is where I mentioned Linux Mint 19.3 (XFCE Desktop) ... I am using my laptop, which is an HP Spectre x360 15" and I guess it's a 64-bit architecture. It's an Intel Core i7.

Did you have any success reproducing it?

@aral
Contributor

aral commented Mar 24, 2021

@serapath Sorry I’ve been so slow on this. I wasn’t able to reproduce it. Wondering if it’s still an issue for you on the latest 7.x line?
