tlsv1 alert internal error when trying to API query https://bittrex.com

[greatwolf]

Here's a short code snippet to reproduce the problem:

local req = require 'ssl.https'.request
local resp = {}
local url = 'https://bittrex.com/api/v1.1/public/getmarketsummaries'

print( req { method = "GET", url = url, sink = ltn12.sink.table (resp) } )
print( table.concat(resp) )

For me, this gives the output:

nil tlsv1 alert internal error nil nil

My setup

• luajit 2.1.0
• luasocket 3.0rc1
• luasec 0.6-1
• openssl 1.0.1g used when building luasec
• mingw 4.9.1

It's important to mention that this problem started happening today. Before today, this use to work just fine which suggests that bittrex might have changed something with their ssl certificate or the cipher suite used. I posted about this problem over on /r/bitcoinmarkets

Another interesting observation, I tested the same get request on curl 7.23.1:

curl -v -k "https://bittrex.com/api/v1.1/public/getmarkethistory?market=BTC-XMR"

giving me this output:

* About to connect() to bittrex.com port 443 (#0)
*   Trying 104.18.56.9... connected
* SSLv3, TLS handshake, Client hello (1):
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* Closing connection #0
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

However, if I perform the same operation on curl 7.51.0 that works! And of course, testing this in the chrome browser works fine.

Any ideas on what the tlsv1 error means and how to fix it? A search shows this same error message has happened on other languages too like python which likely suggests an error that's emanating from openssl or the way luasec is using openssl.

[brunoos]

It is missing SNI name (#44)

$ openssl s_client -connect bittrex.com:443
CONNECTED(00000003)
140304020539032:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:769:

$ openssl s_client -connect bittrex.com:443 -servername bittrex.com
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Domain Validation Secure Server CA 2
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Multi-Domain, CN = sni28913.cloudflaressl.com
verify return:1
...

[greatwolf]

Thank you! TomasB's patch did the trick and it's working again. The change seems simple enough, any chance you can add it to master or accept a PR for it?