Hackney cannot access HTTPS - CLIENT ALERT: Fatal - Handshake Failure - malformed_handshake_data

Bram Verburg bram.verburg@REDACTED
Tue Nov 26 08:00:40 CET 2019 

Which exact Erlang/OTP version are you on? It seems to be 21.3, and if
you're not on the very latest patch level you might get bitten by ssl bugs
such as https://bugs.erlang.org/browse/ERL-968. That particular one was
fixed in 21.3.8.5, and even though it was originally reported with a
slightly different error response, the root cause does make handshake data
appear malformed to the ssl state machine.

If that's not the issue, can you perhaps share a URL that triggers the
issue?


On Tue, 26 Nov 2019 at 02:40, I Gusti Ngurah Oka Prinarjaya <
okaprinarjaya@REDACTED> wrote:

> Hi,
>
> I use hackney to fetch a web page and i get error when accessing website
> with https with following error:
>
> TLS client: In state certify at tls_connection.erl:966 generated CLIENT
> ALERT: Fatal - Handshake Failure - malformed_handshake_data
>
> ** exception error: no match of right hand side value {error,
>                                                        {tls_alert,
>                                                         {handshake_failure,
>                                                          "received CLIENT
> ALERT: Fatal - Handshake Failure - malformed_handshake_data"}}}
>      in function  handler_test_test_test:fetch_page/1
> (/Users/okaprinarjaya/Oprek/Erlang-Oprek-Tiga/idea_execute/src/handler_test_test_test.erl,
> line 37)
>
> Then I found this: https://github.com/benoitc/hackney/issues/362 . I try
> to implement that github issue but still failed and still get same error
> message. My code based on github issue: https://pastebin.com/QeCc0tab
>
> My environment:
> 1. MacOS Mojave v10.14.6
> 2. Erlang/OTP 21 [erts-10.3] [source] [64-bit] [smp:4:4] [ds:4:4:10]
> [async-threads:1]
> 3. I install hackney with this way through rebar3:
> {hackney, ".*", {git, "git://github.com/benoitc/hackney.git", {branch,
> "master"}}}
> and my current hackney version is 1.15.2
>
> ssl:cipher_suites()
>
> [{ecdhe_ecdsa,aes_256_cbc,sha384,sha384},
>  {ecdhe_rsa,aes_256_cbc,sha384,sha384},
>  {ecdh_ecdsa,aes_256_cbc,sha384,sha384},
>  {ecdh_rsa,aes_256_cbc,sha384,sha384},
>  {dhe_rsa,aes_256_cbc,sha256},
>  {dhe_dss,aes_256_cbc,sha256},
>  {ecdhe_ecdsa,aes_128_cbc,sha256,sha256},
>  {ecdhe_rsa,aes_128_cbc,sha256,sha256},
>  {ecdh_ecdsa,aes_128_cbc,sha256,sha256},
>  {ecdh_rsa,aes_128_cbc,sha256,sha256},
>  {dhe_rsa,aes_128_cbc,sha256},
>  {dhe_dss,aes_128_cbc,sha256},
>  {ecdhe_ecdsa,aes_256_cbc,sha},
>  {ecdhe_rsa,aes_256_cbc,sha},
>  {dhe_rsa,aes_256_cbc,sha},
>  {dhe_dss,aes_256_cbc,sha},
>  {ecdh_ecdsa,aes_256_cbc,sha},
>  {ecdh_rsa,aes_256_cbc,sha},
>  {ecdhe_ecdsa,aes_128_cbc,sha},
>  {ecdhe_rsa,aes_128_cbc,sha},
>  {dhe_rsa,aes_128_cbc,sha},
>  {dhe_dss,aes_128_cbc,sha},
>  {ecdh_ecdsa,aes_128_cbc,sha},
>  {ecdh_rsa,aes_128_cbc,sha}]
>
> Please enlightenment
>
> Thank you
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20191126/e43f9541/attachment.htm>

More information about the erlang-questions mailing list