Ssl_handshake error on Elixir 1.11.2

Hello, I’ve been working on an upgrade of Elixir in one of our applications, from Erlang 22.1.1, Elixir 1.9.4, to Erlang 23.1, Elixir 1.11.2. After deploying to a staging environment, it appears that everything is working, however we are getting some new :info level logs that we are a bit concerned about.

TLS :client: In state :certify at ssl_handshake.erl:1952 generated CLIENT ALERT: Fatal - Handshake Failure - {:bad_cert, :hostname_check_failed}

Here are some deps that we updated, cowboy is static on 2.8.0

library from to
hackney 1.15.2 1.16.0
rebar3 0.4.1 0.5.0
phoenix 1.4.17 1.5.6
phoenix_pubsub 1.1.2 2.0.0
plug 1.10.4 1.11.0
plug_cowboy 2.3.0 2.4.1

We don’t have phoenix configured for https as we have a separate load balancer taking care of ssl termination.

I’m thinking this error is coming from HTTPoison/Hackney, but I’m not entirely sure how to resolve it. Any ideas?

This might be helpful try to update your dependencies, worked for me

1 Like

Thanks, I indeed had found that already and updated. My TLS requests are working, they’re just logging that :info level warning from the erlang module, so it’s not a fix unfortunately.

So it turns out that it was the new_relic_agent causing these. We were on 1.4.0, and upgrading to 1.22.2 seems to have resolved the errors we were seeing in staging.

I believe this was resolved in 1.18.0 of new_relic_agent, via #197, where they dropped the :ssl_verify_fun dependency, and instead rely on OTP > 21.0’s pkix_verify_hostname_match_fun\1

1 Like