crispinb
TLS connections fail with OTP-24 (in one project only)
I have a Phoenix project which doesn’t accept TLS connections when compiled & run with Elixir 1.12 & Erlang OTP-24. Everything’s fine with Elixir 1.12.0-rc.1 & OTP-23. I switch between versions using asdf (and delete _build and refresh the deps when switching).
If I create a new Phoenix project using 1.12/OTP-24, that works, so this is something project-specific.
The failure is https only (http connections to the same running process are fine). I’m using a self-signed cert generated with mix phx.gen.cert. It looks like it’s happening very early in the process as client connection attempts aren’t met at all:
curl -v https://localhost:4001
* Trying 127.0.0.1:4001...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4001 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* Operation timed out after 300599 milliseconds with 0 out of 0 bytes received
* Closing connection 0
curl: (28) Operation timed out after 300599 milliseconds with 0 out of 0 bytes received
In the console I get this when the failure happens, which my Elixir/Erlang/BEAM knowledge isn’t up to interpreting:
[error] Ranch listener XXXWeb.Endpoint.HTTPS had connection process started with
:cowboy_tls:start_link/4 at #PID<0.677.0> exit with reason: {:undef, [{:ssl, :ssl_accept,
[{:sslsocket, {:gen_tcp, #Port<0.40>, :tls_connection, [option_tracker: #PID<0.524.0>,
session_tickets_tracker: :disabled, session_id_tracker: #PID<0.525.0>]}, [#PID<0.676.0>,
#PID<0.675.0>]}, [], 5000], []}, {:ranch_ssl, :handshake, 3, [file:
'/home/crispinb/src/XXX/deps/ranch/src/ranch_ssl.erl', line: 142]}, {:ranch, :handshake, 2, [file:
'/home/crispinb/src/XXX/deps/ranch/src/ranch.erl', line: 243]}, {:cowboy_tls, :connection_process,
4, [file: '/home/crispinb/src/XXX/deps/cowboy/src/cowboy_tls.erl', line: 43]}, {:proc_lib,
:init_p_do_apply, 3, [file: 'proc_lib.erl', line: 226]}]}
The project itself is very simple (as it must be - I’m just learning Phoenix) with only these deps:
{:bcrypt_elixir, "~> 2.0"},
{:phoenix, "~> 1.5.8"},
{:phoenix_ecto, "~> 4.1"},
{:ecto_sql, "~> 3.4"},
{:postgrex, ">= 0.0.0"},
{:phoenix_html, "~> 2.11"},
{:phoenix_live_reload, "~> 1.3", only: :dev},
{:phoenix_live_dashboard, "~> 0.4"},
{:telemetry_metrics, "~> 0.4"},
{:telemetry_poller, "~> 0.4"},
{:gettext, "~> 0.11"},
{:jason, "~> 1.0"},
{:plug_cowboy, "~> 2.0"},
{:credo, "~> 1.5", only: [:dev, :test], runtime: false},
{:tz, "~> 0.16.0"},
{:phx_gen_auth, "~> 0.7.0"},
{:earmark, "~> 1.4"},
{:phoenix_html_sanitizer, "~> 1.0.0"}
Any hints much appreciated!
Marked As Solved
voltone
Try to upgrade Ranch: mix deps.update ranch. The error suggests your version of ranch is still using the old :ssl.ssl_accept/1,2,3 API, which was deprecated some time ago and has been removed in OTP 24.
Also Liked
bartblast
Looks like ranch >= 1.8.0 fixes the problems.
crispinb
I have discovered mix deps.tree. Nice!
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









