TLS connections fail with OTP-24 (in one project only)

I have a Phoenix project which doesn’t accept TLS connections when compiled & run with Elixir 1.12 & Erlang OTP-24. Everything’s fine with Elixir 1.12.0-rc.1 & OTP-23. I switch between versions using asdf (and delete _build and refresh the deps when switching).

If I create a new Phoenix project using 1.12/OTP-24, that works, so this is something project-specific.

The failure is https only (http connections to the same running process are fine). I’m using a self-signed cert generated with mix phx.gen.cert. It looks like it’s happening very early in the process as client connection attempts aren’t met at all:

 curl -v https://localhost:4001
*   Trying
* Connected to localhost ( port 4001 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* Operation timed out after 300599 milliseconds with 0 out of 0 bytes received
* Closing connection 0
curl: (28) Operation timed out after 300599 milliseconds with 0 out of 0 bytes received

In the console I get this when the failure happens, which my Elixir/Erlang/BEAM knowledge isn’t up to interpreting:

[error] Ranch listener XXXWeb.Endpoint.HTTPS had connection process started with
:cowboy_tls:start_link/4 at #PID<0.677.0> exit with reason: {:undef, [{:ssl, :ssl_accept,
[{:sslsocket, {:gen_tcp, #Port<0.40>, :tls_connection, [option_tracker: #PID<0.524.0>,
session_tickets_tracker: :disabled, session_id_tracker: #PID<0.525.0>]}, [#PID<0.676.0>,
#PID<0.675.0>]}, [], 5000], []}, {:ranch_ssl, :handshake, 3, [file:
'/home/crispinb/src/XXX/deps/ranch/src/ranch_ssl.erl', line: 142]}, {:ranch, :handshake, 2, [file:
'/home/crispinb/src/XXX/deps/ranch/src/ranch.erl', line: 243]}, {:cowboy_tls, :connection_process,
4, [file: '/home/crispinb/src/XXX/deps/cowboy/src/cowboy_tls.erl', line: 43]}, {:proc_lib,
:init_p_do_apply, 3, [file: 'proc_lib.erl', line: 226]}]}

The project itself is very simple (as it must be - I’m just learning Phoenix) with only these deps:

      {:bcrypt_elixir, "~> 2.0"},
      {:phoenix, "~> 1.5.8"},
      {:phoenix_ecto, "~> 4.1"},
      {:ecto_sql, "~> 3.4"},
      {:postgrex, ">= 0.0.0"},
      {:phoenix_html, "~> 2.11"},
      {:phoenix_live_reload, "~> 1.3", only: :dev},
      {:phoenix_live_dashboard, "~> 0.4"},
      {:telemetry_metrics, "~> 0.4"},
      {:telemetry_poller, "~> 0.4"},
      {:gettext, "~> 0.11"},
      {:jason, "~> 1.0"},
      {:plug_cowboy, "~> 2.0"},
      {:credo, "~> 1.5", only: [:dev, :test], runtime: false},
      {:tz, "~> 0.16.0"},
      {:phx_gen_auth, "~> 0.7.0"},
      {:earmark, "~> 1.4"},
      {:phoenix_html_sanitizer, "~> 1.0.0"}

Any hints much appreciated!


Try to upgrade Ranch: mix deps.update ranch. The error suggests your version of ranch is still using the old :ssl.ssl_accept/1,2,3 API, which was deprecated some time ago and has been removed in OTP 24.

Thanks. I’ve just tried that but it didn’t update, I think because ranch is version-locked by other packages. I’ve tried tracing back by looking through mix.lock, then looking up each ancestor on but got into a bit of a muddle without resolution.

I’ve yet to delve fully into Elixir’s dependency system as is probably apparent :wink: Are there tools to more easily examine the dependency tree? And what’s the community norm around here - raise an issue on github or assume a major package like Phoenix will gain the appropriately updated deps in good time?

I’ve managed to get it working well enough for something I’m just playing with. I tried to force the latest ranch version in mix.exs, but that caused a conflct that failed to build. I took out the mix.exs entry and did a mix deps update --all, which left me with a setup that works but still puzzles me (the ranch version in mix.lock is now later than I thought was specified by its ancestor).

So I’m sorted for now (thanks @voltone ) but still would appreciate any pointers to tools and / or reading on how to deal with this kindof thing.

I have discovered mix deps.tree. Nice!

1 Like

Looks like ranch >= 1.8.0 fixes the problems.