HTTPS handshake error: Fatal - Handshake Failure

zkessin · January 15, 2021, 4:31pm

I am trying to hit an HTTPS endpoint and when I call it HTTPoison returns this error

 {:error, %HTTPoison.Error{id: nil, reason: {:tls_alert, {:handshake_failure, 'TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure\n'}}}}

I am passing these options to the get command

   http_options = [ssl: [versions: [:"tlsv1.2"], verify: :verify_none]]
    {:ok, results} = get(url, [], http_options)

I have been banging my head on this for a few days now and my google-fu has failed me, any suggestions on how to fix this?

crusso · January 20, 2021, 1:56am

I’m having the same problem. This is for code that was working previously with the same site. Although I have no idea if the site has made changes to their server, like updating their allowed encryption or something.

voltone · January 20, 2021, 8:46am

The server aborts the handshake, so it looks like it doesn’t like something the client sends. Unfortunately the server does not (cannot) indicate exactly what it didn’t like through the TLS alert mechanism. It might record more details in its local log, but I’m guessing you don’t have access to that log.

I would trace a successful handshake (using curl or openssl) and an unsuccessful one with Wireshark, and compare. You can also trace the handshake by adding log_level: :debug to the ssl options in the client, but that might be hard to compare with the output of other clients.

rjk · January 20, 2021, 9:55am

You can encounter this error for multiple reasons, one of them already mentioned above (conflicting TLS/cipher suite versions). But it can also be that you’re connecting HTTPS over a HTTP port. Another one is a broken erlang/BEAM install with openssl.

I would try to make really sure you’re connecting to a HTTPS(TLS) port by curling to the endpoint. If curl acts ‘normal’ you’re more sure the issue is inside your own code/side. curl -vvv https://www.example.com

You could list the supported TLS versions and cipher suites with for example https://www.ssllabs.com/ssltest/ (if it is open to the outside world) or otherwise with nmap or openssl s_client. (nmap = nmap --script ssl-enum-ciphers -p 443 www.example.com) see here for more info how to do this.

If you can share the given endpoint and it’s open for the public I can also take a look if you want.

One final last note; maybe you already know but don’t use verify_none in production settings, it’s saying you don’t care where the server TLS certificate comes from (as in: you don’t mind it’s self signed, most of the time not what you want).

Exadra37 · January 20, 2021, 12:44pm

Unfortunately this is the default value for :httpc and a lot of HTTP libraries build on top of it directly or indirectly, and some of them may use this insecure default, looking at you Tesla:

github.com/elixir-tesla/tesla

Secure by default

opened 08:53AM - 20 Apr 19 UTC

Exadra37

idea

# The Motivation Since my earlier days as developer I always have been astoni…shed with the mindset of our industry of being insecure by default, where normally security is opt-in, instead of opt-out, and this mindset is one of the main culprits for so many data-breaches that occur every week/month/year. So the current mindset is to release software with all the doors and windows of your home open, while your are away, and then hope that the developers using it will learn how to properly close all that doors and windows, and then also hope that when they learn how to properly do it, that they don't forget one open. Just to put things in perspective, try to use [shodan.io](https://www.shodan.io/search?query=mongodb) to see how software ends up in production without being properly secured, due to the current mindset of our industry of preferring convenience over security. This all started in [this tweet](https://twitter.com/Exadra37/status/1118874708064256001) and I was asked in [this other tweet](https://twitter.com/iteamon/status/1119254174326300673) to open this issue. # The Context So this have been brought up before by @lau in the issue #235 and by @rawkode in issue #138. By @lau > The default adapter is httpc, which does not check certificates when using HTTPS. This seems like an unsafe default. Many people will probably use the default and use it to communicate with APIs. Perhaps with sensitive data. I cannot agree more with this, but the issue on the time was solved with only a note in the README. Alerts, notes in the README or any other docs will be missed, ignored or forgotten, by beginners, juniors and senior developers, because human beings tend to prefer convenience above anything else., but convenience should not be put in front of Security. # The Proposal @teamon says on [this comment](https://github.com/teamon/tesla/issues/138#issuecomment-350702593): > The point of Tesla is not to get rid of hackney, nor any other http adapter. The point is to let the end use choose the adapter that suits best or write a custom one if needed. So in the README we have: > Configure default adapter in config/config.exs (optional). But instead we should have: > Configure default adapter in config/config.exs (**REQUIRED**). And we could then have a list of possible secure by default adapters. This change would leave Tesla agnostic of an adapter as per the goal of @teamon, but would not leave Tesla insecure by default... The developer would be required to explicitly opt-in for the adapter to use. So this means that if the Tesla was to be used without configuring the adapter, an exception should be raised with a very clear message. Once this is a breaking change a major version would be needed. > **PS:** I appeal to all developers to always embrace **Secure By Default** aproach when building software.

Now, even when HTTP libraries don’t use the insecure defaults you may “accidentally override” it when customizing the library. I say accidentally because if the library doesn’t merge the configuration you pass in with the one it uses internally to secure :httpc, then you just have replaced accidentally them.

You may want to take a look to this talk from @voltone:

crusso · January 20, 2021, 8:01pm

Thanks for the reply. I’m able to use HTTPoison to connect to https://www.google.com as well as another personal https site I have. So I don’t suspect the installation is the culprit. I’m using HTTPS URLs and the responses from the servers indicate that the client is going to the right port.

Here’s the nmap dump of ciphers to the problem service. That list seems kind of skimpy, but I’ve only looked at a few other sites for comparison:

% nmap --script ssl-enum-ciphers -p 443 api.etrade.com                                                                                                         14:30:49
Starting Nmap 7.91 ( https://nmap.org ) at 2021-01-20 14:34 EST
Nmap scan report for api.etrade.com (12.153.224.50)
Host is up (0.027s latency).
Other addresses for api.etrade.com (not scanned): 198.93.34.32
rDNS record for 12.153.224.50: mtrader.etrade.com

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Forward Secrecy not supported by any cipher
|_  least strength: A

Here is a naive attempt to connect to the api URL:

iex(3)> HTTPoison.get!("https://api.etrade.com")
[info] TLS :client: In state :hello received SERVER ALERT: Fatal - Handshake Failure

** (HTTPoison.Error) {:tls_alert, {:handshake_failure, 'TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure\n'}}
    (httpoison 1.8.0) lib/httpoison.ex:156: HTTPoison.request!/5

Adding a tlsv1.2 option doesn’t seem to change anything. Neither does the suggested log_level: :debug. The output was exactly the same.

iex(4)> HTTPoison.get!("https://api.etrade.com", [], [ssl: [versions: [:'tlsv1.2']], log_level: :debug])

I’m using the 1.8 version of HTTPoison. How do I see what ciphers it (or Hackney) has available?

Followup edit: I think I see the ciphers offered up by the client in the wireshark capture I just did. HTTPoison or Hackney or whatever offers no TLS_RSA_WITH_AES* cipher suites. Meanwhile, a packet capture of a successful curl negotiation includes plenty that match those available on the server.

What can I do about it?

Thank you for any advice.

rjk · January 20, 2021, 8:48pm

HTTPoison.get!("https://api.etrade.com", [], [ssl: [ciphers: :ssl.cipher_suites() ++ [{:rsa, :aes_256_cbc, :sha256}]], log_level: :debug])

seems to work here! See if that works for you.

crusso · January 20, 2021, 8:59pm

Excellent!

My code is working again. That’s a big relief. At first when the etrade API stopped working, I was worried that they had changed something fundamental in their OAUTH implementation that was going to involve some painstaking debugging. I’m having enough trouble finding time for this side project. I was dreading the thought at having to spend precious hours reworking code that had been working fine.

I guess that either the etrade admins stopped supporting some cipher I was using before or the erlang ssl stopped including some suites by default. Either way, your suggestion did the trick.

Thank you very much.

rjk · January 20, 2021, 9:16pm

It seems they’ve documented it here: Erlang -- ssl

For security reasons RSA key exchange cipher suites are no longer supported by default, but can be configured. (OTP 21)

Glad to see your code is working again!

voltone · January 21, 2021, 7:56am

Ah, of course, I had forgotten all about the removal of RSA key exchange already. One would expect a site such as this to support (EC)DHE: I mean, it is 2021…

Anyway, keep in mind that :ssl.cipher_suites/1,2 is deprecated. The ‘official’ way to select custom ciphers would be something like:

defaults = :ssl.cipher_suites(:default, :"tlsv1.2")
rsa_kx =
  :ssl.cipher_suites(:all, :"tlsv1.2")
  |> :ssl.filter_cipher_suites(
    key_exchange: &(&1 == :rsa),
    cipher: &(&1 in [:aes_128_cbc, :aes_128_gcm, :aes_256_cbc, :aes_256_gcm]),
  )
HTTPoison.get!("https://api.etrade.com", [], ssl: [ciphers: defaults ++ rsa_kx])

Also, and more importantly, as @Exadra37 pointed out, passing custom ssl options to Hackney/HTTPoison will override its secure defaults, including verify: :verify_peer and the CA trust store. So actually, for a secure connection you’d have to call:

HTTPoison.get!("https://api.etrade.com", [], ssl: [
  ciphers: defaults ++ rsa_kx,
  verify: :verify_peer,
  cacertfile: :certifi.cacertfile(),
  depth: 3,
  customize_hostname_check: [
    match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
  ]
])

rjk · January 21, 2021, 9:12am

just to add as a helper to debug these calls: :hackney_trace.enable(:max, :io) logs your requests to STDOUT on the REPL/console (it shows the enabled cipers for example).

affficionado · December 6, 2021, 2:48pm

A little update: :ssl API have been changed, and correct code would be

:ssl.cipher_suites(:all, :"tlsv1.2") ++ [%{key_exchange: :rsa, cipher: :aes_256_cbc, mac: :sha256}]

tmariaz · March 15, 2023, 10:15am

This still doesn’t help me to fix my handshake error.

config.exs

http_options: [
    timeout: 60_000,
    recv_timeout: 60_000,
    # ssl: [{:versions, [:"tlsv1.2"]}],
    ssl: [
      ciphers:
        :ssl.cipher_suites(:all, :"tlsv1.2") ++
          [%{key_exchange: :rsa, cipher: :aes_256_cbc, mac: :sha256}]
    ],
    log_level: :debug
    # hackney: [:insecure]
  ]

Error Log:

Request: POST /api/bill/payment
** (exit) an exception was raised:
    ** (HTTPoison.Error) {:tls_alert, 'handshake failure'}
        (httpoison) lib/httpoison.ex:66: HTTPoison.request!/5

Not sure what is wrong?

The server still on Erlang OTP 20 and not yet updated to latest version.

D4no0 · March 15, 2023, 10:35am

Start ssl in verbose mode, then check what algorithm it is using for key exchange and cipher.

tmariaz · March 15, 2023, 1:55pm

I am new to Erlang and Elixir. Sorry for being noob. Can I know how to run that command?

D4no0 · March 15, 2023, 2:14pm

This is part of common options:

ssl: [
      ciphers:
        :ssl.cipher_suites(:all, :"tlsv1.2") ++
          [%{key_exchange: :rsa, cipher: :aes_256_cbc, mac: :sha256}],
       log_level: :all
    ],

tmariaz · March 17, 2023, 3:42am

Still same error when calling the api… Do I have to look for the log?

When I run the following I get the TLS info.

curl -I -v --tlsv1.2 --tls-max 1.2 https://myserver/api/endpoint
*   Trying myserver-ip-address:443...
* Connected to myserver (myserver-ip-address) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: ~/ssl/cacert.pem
*  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384

What am I missing?