Error 'bad record mac' starting websockex (Erlang >20 SSL Issue)

Azolo / websockex

An Elixir Websocket Client

MIT License

513 stars 96 forks source link

Error 'bad record mac' starting websockex (Erlang >20 SSL Issue) #48

Open mbenatti opened 6 years ago

mbenatti commented 6 years ago

Hello, I'm trying to connect and test the "wss://api.bitfinex.com/ws/2" Docs: https://bitfinex.readme.io/v2/reference#ws-public-ticker

Code:

iex(10)> uri = URI.parse "wss://api.bitfinex.com/ws/2"
%URI{
  authority: "api.bitfinex.com",
  fragment: nil,
  host: "api.bitfinex.com",
  path: "/ws/2",
  port: 443,
  query: nil,
  scheme: "wss",
  userinfo: nil
}
iex(11)> conn = WebSockex.Conn.new uri                
%WebSockex.Conn{
  cacerts: nil,
  conn_mod: :ssl,
  extra_headers: [],
  host: "api.bitfinex.com",
  insecure: true,
  path: "/ws/2",
  port: 443,
  query: nil,
  socket: nil,
  socket_connect_timeout: 6000,
  socket_recv_timeout: 5000,
  transport: :ssl
}
iex(12)> start_link = WS.start_link conn, :fake_state 
[info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'cipher', 32, 'received SERVER ALERT: Fatal - Bad Record MAC', 10]
{:error, %WebSockex.ConnError{original: {:tls_alert, 'bad record mac'}}}
iex(13)>

Its some limitation in lib or im doing something wrong?

Azolo commented 6 years ago

This is actually an issue with SSL negotiation.

I don't know if it's a problem with something I'm doing though.

Could you see which version of Erlang and OpenSSL you are using?

mbenatti commented 6 years ago

Thanks for a quick response,

Info's below:

erlang 20.1
elixir 1.6.0
OpenSSL> version
OpenSSL 1.1.0g  2 Nov 2017
Linux ThinkPad-T440 4.13.0-26-generic #29~16.04.2-Ubuntu SMP Tue Jan 9 22:00:44 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

mbenatti commented 6 years ago

ok... seems something different with ssl library in erlang 20 or a bug.

I switch to erlang 19.3 and it worked:

iex(1)> uri = URI.parse "wss://api.bitfinex.com/ws/2"
%URI{
  authority: "api.bitfinex.com",
  fragment: nil,
  host: "api.bitfinex.com",
  path: "/ws/2",
  port: 443,
  query: nil,
  scheme: "wss",
  userinfo: nil
}
(search)`':                                                
nil
iex(3)> 
nil
iex(4)> conn = WebSockex.Conn.new uri
%WebSockex.Conn{
  cacerts: nil,
  conn_mod: :ssl,
  extra_headers: [],
  host: "api.bitfinex.com",
  insecure: true,
  path: "/ws/2",
  port: 443,
  query: nil,
  socket: nil,
  socket_connect_timeout: 6000,
  socket_recv_timeout: 5000,
  transport: :ssl
}
iex(5)> WS.start_link conn, :fake_state
Handle Connect
{:ok, #PID<0.476.0>}
Received Message - Type: :text -- Message: "{\"event\":\"info\",\"version\":2}"

Azolo commented 6 years ago

I really want to say that's surprising, but I can't. I honestly don't know how Erlang's SSL library works and trying to figure it out may be the death of me.

I don't think I'm going to spend much time trying to figure this one out, I don't think my sanity can handle another dive into Erlang SSL at the moment. However, I'm going to leave this open in hopes that some kind soul will come and tell us what is happening here.

spunkedy commented 6 years ago

@Azolo while trying to find a resolution for my issues I found this:

https://bugs.erlang.org/browse/ERL-538

looks like otp 21 works ?