Httpoison post request returns %HTTPoison.Error{id: nil, reason: {:tls_alert, 'internal error'}}}

Hello I am a beginner in Elixir and I’m currently running into the following issue.

When trying to make a post request to a server using httpoison.

  def send(xml_message) do
    url = "https://******/LIMessageProcessing/http/UICCCMessageProcessing/UICCCMessageProcessingInboundWS"
    response = HTTPoison.post(url ,[], hackney: [:insecure])
    req = Poison.decode!(response.body)
  end

I receive the following error:

[info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:364 generated CLIENT ALERT: Fatal - Internal Error - {unexpected_error,{case_clause,{error,{asn1,{...}}}}}', 10]
[info] Sent 500 in 126ms
[error] #PID<0.924.0> running TaftapServiceWeb.Endpoint (connection #PID<0.923.0>, stream id 1) terminated
Server: localhost:4000 (http)
Request: POST /
** (exit) an exception was raised:
    ** (ArgumentError) argument error
        :erlang.apply({:error, %HTTPoison.Error{id: nil, reason: {:tls_alert, 'internal error'}}}, :body, [])

No matter what options I pass to the post method it will always return this error.

If posting to another url (e.g https://google.com/)
I get the following error:

 (exit) an exception was raised:
    ** (ArgumentError) argument error
        :erlang.apply({:error, %HTTPoison.Error{id: nil, reason: :nxdomain}}, :body, [])

Using HTTPoison.get on https://google.com/ works but using get on the domain I want to post to yields the same {:tls_alert, 'internal error'}}}.

I am sure that the server I am trying to post to functions as it should, as I have been able to make successful requests from SOAP UI and Ruby.

Elixir version: 1.8.1
Erlang version: 21.2.6

In my current work, we have a concept similar to webhooks and we need to support servers which might not follow the latest standard. Every time we try to upgrade Erlang/OTP, we find some new errors in things which used to work in the old version. So we do the config change dance once again and settle on a config that works best across all the servers. Last time it was related to the chacha20 cipher, which was enabled by default, and there seem to be multiple incompatible implementations out there. Debugging these kinds of errors is really tricky as the ssl app mostly throws a generic error without much detail.

{:tls_alert, 'internal error'}

This usually means something goes wrong when it tries to establish ssl connection. You could use SSL Server Test (Powered by Qualys SSL Labs) to figure out what kind of versions are supported by your target server. Then you can play around with ssl:connect/3

iex(1)> :ssl.start()
:ok
iex(2)> :ssl.connect('null.badssl.com', 443, [])

timestamp=2019-03-01T11:46:26.123Z level=info  message= ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'hello', 32, 'received SERVER ALERT: Fatal - Handshake Failure', 10]
{:error, {:tls_alert, 'handshake failure'}}
iex(3)> :ssl.connect('google.com', 443, [])
{:ok,
 {:sslsocket, {:gen_tcp, #Port<0.19>, :tls_connection, :undefined},
  [#PID<0.438.0>, #PID<0.437.0>]}}

Once you find the correct set of options that allows you to connect, you could pass that to hackney

HTTPoison.post(url, body, headers, ssl: [verify: :verify_none])
4 Likes
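
The probing procedure from the reply above, as an added example that is not part of the original thread: it tries one TLS version at a time with `:ssl.connect/4` while keeping certificate and hostname verification on, then passes only the versions that connected to HTTPoison and matches on the result tuple. The module and function names are hypothetical, and it assumes `:certifi` (a hackney dependency) is available for the CA bundle.

```elixir
defmodule TLSProbe do
  # Added example; module and function names are hypothetical.
  # Legacy versions are listed only to diagnose what an old server accepts.
  @versions [:"tlsv1.2", :"tlsv1.1", :tlsv1]

  # Verification stays on. Assumption: :certifi (a hackney dependency)
  # is available to supply the CA bundle path.
  def base_opts(host) do
    [
      verify: :verify_peer,
      cacertfile: :certifi.cacertfile(),
      server_name_indication: String.to_charlist(host),
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ]
    ]
  end

  # Try each version alone; returns [{version, :ok | {:error, reason}}].
  def probe(host, port \\ 443) do
    {:ok, _} = Application.ensure_all_started(:ssl)

    for v <- @versions do
      opts = [versions: [v]] ++ base_opts(host)

      case :ssl.connect(String.to_charlist(host), port, opts, 5_000) do
        {:ok, socket} ->
          :ssl.close(socket)
          {v, :ok}

        {:error, reason} ->
          {v, {:error, reason}}
      end
    end
  end

  # POST with only the versions that connected; match on the result tuple
  # instead of calling .body on a possible {:error, _}.
  def post(url, body, host, results) do
    case for({v, :ok} <- results, do: v) do
      [] -> {:error, :no_working_version}
      ok -> request(url, body, [versions: ok] ++ base_opts(host))
    end
  end

  defp request(url, body, ssl) do
    case HTTPoison.post(url, body, [], ssl: ssl) do
      {:ok, %HTTPoison.Response{status_code: code, body: resp}} -> {:ok, code, resp}
      {:error, %HTTPoison.Error{reason: reason}} -> {:error, reason}
    end
  end
end
```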

[info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:364 generated CLIENT ALERT: Fatal - Internal Error - {unexpected_error,{case_clause,{error,{asn1,{...}}}}}', 10]

This is a decoding error during the TLS handshake. The specific location (ssl_handshake.erl:364) suggests a certificate sent by the server cannot be parsed. Does openssl s_client -connect ******:443 -servername ****** connect without errors?

%HTTPoison.Error{id: nil, reason: :nxdomain}}

This suggests the hostname could not be resolved. I suspect you simply had a typo in the URL at the time, or there was a problem with your Internet connection.

5 Likes

Due to time constraints we have decided to write the application in Ruby for the short term. But I will investigate and try to find a solution to this problem in the future, as our goal is to switch completely to Elixir.

Thanks for your advice.

Thanks for sharing the useful troubleshooting methods above, @cedric5.

For me, the reason “:nxdomain” from HTTPoison was due to my internet being offline.