Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

https requests complete despite handshake timeout #11030

Closed
cattytab opened this issue Jan 27, 2017 · 3 comments
Closed

https requests complete despite handshake timeout #11030

cattytab opened this issue Jan 27, 2017 · 3 comments
Labels
https Issues or PRs related to the https subsystem. tls Issues and PRs related to the tls subsystem.

Comments

@cattytab
Copy link

cattytab commented Jan 27, 2017
edited

  • Version: v6.9.4 and v7.4.0
  • Platform: Linux 3.19.0-77-generic Update README.md #85~14.04.1-Ubuntu SMP Mon Dec 5 11:19:02 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
  • Subsystem: https

When making an https request to a nodejs server over https, it is completing the request even though a tls handshake timeout is occurring. This was not the case in nodejs v5.7.0 but is happening v6.9.4 and v7.4.0 To see this, save the following as testServer.js

const https     = require("https");
const pem       = require("pem");
const express   = require("express");
const constants = require("constants");

var app = express();

pem.createCertificate({
    days       : 60,
    selfSigned : true,
    commonName : "*.com"
}, function (err, keys) {
    if (!err) { return startHttpsServer(keys); }
    console.warn(err.message);
});

function startHttpsServer(keys) {
    app.get("/cert", function (req, res) {
        res.send(keys.certificate + "\n");
    });

    var httpsServer = https.createServer({
        key              : keys.serviceKey,
        cert             : keys.certificate,
        ca               : keys.ca,
        secureProtocol   : "SSLv23_method",
        secureOptions    : constants.SSL_OP_NO_SSLv3,
        handshakeTimeout : 1
    }, app);
    httpsServer.on("clientError", function (exception, tlsSocket) {
        console.log(exception);
    });

    httpsServer.listen(4433);
}

Note the handshakeTimeout is set to 1ms.

nodejs v5.7.0 (works as expected)

  • Start server by nvm exec v5.7.0 node testServer.js
  • In a separate terminal, enter curl -k https://localhost:4433/cert and note that it fails:
$ curl -k https://localhost:4433/cert
curl: (35) Unknown SSL protocol error in connection to localhost:4433

Here is the output from the server:

$ nvm exec v5.7.0 node testServer.js 
Running node v5.7.0 (npm v3.6.0)
[Error: TLS handshake timeout]

nodejs v6.9.4 or v7.4.0 (does not work as expected)

  • Start server by nvm exec v6.9.4 node testServer.js
  • In a separate terminal, enter curl -k https://localhost:4433/cert and note that it succeeds:
$ curl -k https://localhost:4433/cert
-----BEGIN CERTIFICATE-----
MIICnDCCAYQCCQDWiSSv1uc+jTANBgkqhkiG9w0BAQsFADAQMQ4wDAYDVQQDDAUq
LmNvbTAeFw0xNzAxMjcwMTA3MDlaFw0xNzAzMjgwMTA3MDlaMBAxDjAMBgNVBAMM
BSouY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqk/7KYcO17lG
it+KDhTQVSLOcSoLlw7quiD+bH2y9kkJJADCkiedP1wQkoeg0F3ZlTaIAc49O4ro
JT+Hd391mY+33RcV6yj0P83+nw+u0ZO2Oheg8kcaXsd2tGKef1ZVcEDvu6LGURHa
CrhtkHNaLNtjqDbE2FT3m8WbpTpb1TXFDeth6l6T488vRf33/vC3rpwhwhiemXM1
g78pvMxZh7Sj3VW1ft2aJxdeMdYl+Y8sf+vL3+BzNkxO2Gq1FofAlIHdW3lv/kBo
TtKdCr/55Fzipl1kKD8kneOHCqub+YMAEbPPP9jkJpSf46yDSjT0m0TYJEjcGCvA
GqKFHihLoQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAgGHSj8DnMLHOU/os9oDMF
ZSPT9tsNYjdSd05bwmsVovMbWcTESBOYl6OlyxvlWZYdy92ViS8fwT+AHY+J5a9i
vxHXDMvDmuER8koRQ0V9eoBvagJ70XzsBKGIgeeSurI26PC2f7VGeuOjI7E6uGar
FYUEZinH8lr7ZwEXVO/jyiE5qwLs1X6KvkmpOtQac5kGLhF325rO+SXi15+EVdu0
a8RuXCqZ+Q91MHdiduBCxFAYvU0oewiNIM7LOgt6CgULYyoxTjWjY0I8gk8Peo1s
tbKmzWY7PMdL9dnvg9YcgGkgd8eI4mTWGgdAqRxhsx/sHns/jE3+nlFtJBqqdx4A
-----END CERTIFICATE-----

Here is the output from the server:

$ nvm exec v6.9.4 node testServer.js
Running node v6.9.4 (npm v3.10.10)
Error: TLS handshake timeout
    at TLSSocket._handleTimeout (_tls_wrap.js:556:22)
    at TLSSocket.g (events.js:291:16)
    at emitNone (events.js:86:13)
    at TLSSocket.emit (events.js:185:7)
    at TLSSocket.Socket._onTimeout (net.js:339:8)
    at ontimeout (timers.js:365:14)
    at tryOnTimeout (timers.js:237:5)
    at Timer.listOnTimeout (timers.js:207:5)

Even though the server gets the TLS handshake timeout, the request still succeeds and the https request is serviced.
@mscdex mscdex added https Issues or PRs related to the https subsystem. tls Issues and PRs related to the tls subsystem. labels Jan 27, 2017
@bnoordhuis
Copy link
Member

I don't know what commit is responsible for the change between v5.x and v6.x (but if I had to guess: either #8805 or #8889) but the logic is currently that:

  1. Until the 'secureConnection' event is emitted,
  2. Protocol errors are emitted as '_tlsError' events, not 'error' events, because of tls.connect() emitting twice an error event #1119.

cc @indutny - maybe you know more.

@Trott
Copy link
Member

Trott commented Jul 16, 2017

@nodejs/http Should this remain open?

@bnoordhuis
Copy link
Member

Seeing there's been no movement in over a year, I'll go ahead and close this out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
https Issues or PRs related to the https subsystem. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mscdex @bnoordhuis @Trott @cattytab