Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for specifying the TLS ciphers list #194

Closed
spanditcaa opened this issue Sep 7, 2017 · 0 comments
Closed

Add support for specifying the TLS ciphers list #194

spanditcaa opened this issue Sep 7, 2017 · 0 comments
Assignees
Labels
Milestone

Comments

@spanditcaa
Copy link
Contributor

@spanditcaa spanditcaa commented Sep 7, 2017

We're experiencing an issue where our apps using wreck occasionally receive an error connecting to external load balanced APIs where some instances of the outside service appear to support different TLS ciphers than others. This causes SSL renegotiation to fail with the error below.

We can mitigate this issue by forcing the request to use the 'lowest common denominator' of ciphers that the outside service appears to support, but wreck does not currently allow us to specify the TLS ciphers list.

Error: write EPROTO 140737000285120:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:../deps/openssl/openssl/ssl/s3_pkt.c:365:

    at _errnoException (util.js:1041:11)
    at WriteWrap.afterWrite [as oncomplete] (net.js:858:14)
{
  "error": {
    "code": "EPROTO",
    "errno": "EPROTO",
    "syscall": "write",
    "trace": [
      {
        "method": "GET",
        "url": "https://someguywithtwodifferently.configdserversbehindaLB.com/data"
      }
    ],
    "isBoom": true,
    "isServer": true,
    "data": null,
    "output": {
      "statusCode": 502,
      "payload": {
        "message": "Client request error: write EPROTO 140737000285120:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:../deps/openssl/openssl/ssl/s3_pkt.c:365:\n",
        "statusCode": 502,
        "error": "Bad Gateway"
      },
      "headers": {}
    }
  }
}
@geek geek self-assigned this Sep 7, 2017
@geek geek added the feature label Sep 7, 2017
@geek geek added this to the 12.5.0 milestone Sep 7, 2017
@geek geek closed this in 2690fdf Sep 7, 2017
geek added a commit that referenced this issue Sep 7, 2017
closes #194 - support for a list of TLS ciphers
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.