OTP 25 timeout

[dvic]

We're seeing weird behaviour with OTP 25 (Elixir 1.13.4):

iex(1)> Mint.HTTP.connect(:https, "login.microsoftonline.com", 443)
{:error, %Mint.TransportError{reason: :timeout}}

With OTP 24:

iex(1)> Mint.HTTP.connect(:https, "login.microsoftonline.com", 443)
Mint.HTTP.connect(:https, "login.microsoftonline.com", 443)                        
{:ok,
 %Mint.HTTP1{
   buffer: "",
   host: "login.microsoftonline.com",
   mode: :active,
   port: 443,
   private: %{},
   proxy_headers: [],
   request: nil,
   requests: {[], []},
   scheme_as_string: "https",
   socket: {:sslsocket, {:gen_tcp, #Port<0.42>, :tls_connection, :undefined},
    [#PID<0.4737.0>, #PID<0.4736.0>]},
   state: :open,
   streaming_request: nil,
   transport: Mint.Core.Transport.SSL
 }}

Any idea what's causing this difference?

[dvic]

By the way: it seems specific to login.microsoftonline.com, for example, github.com works just fine. Could it be because tls 1.0 and tls 1.1 is enabled? https://www.ssllabs.com/ssltest/analyze.html?d=login.microsoftonline.com&s=20.190.151.9&hideResults=on&ignoreMismatch=on

[whatyouhide]

@dvic heyo, thanks for the report. Yep, it could be a set of things, but I don't really have a clue 😄 I don't have cycles to dedicate to Mint right now, but figured I would maybe ping @voltone to see if this is something that they've seen already 🙃

[voltone]

This does appear to be an issue in :ssl in OTP 25. I haven't seen prior reports and I didn't find a ticket/PR in the OTP repo. If I have some time later I will have a closer look...

[voltone]

I think this is due to https://github.com/erlang/otp/pull/6037. I'm having some trouble building OTP from source, so I won't be able to verify this today, but if this is indeed the case I suspect it will be addressed in an upcoming patch release of OTP 25.

[dvic]

I think this is due to erlang/otp#6037. I'm having some trouble building OTP from source, so I won't be able to verify this today, but if this is indeed the case I suspect it will be addressed in an upcoming patch release of OTP 25.

Hmm, not 100% sure if this is the issue because it looks like that PR fixes https://github.com/erlang/otp/issues/5961, which is about OTP 24.3.4, and we just downgraded to that version and it has no problems.. But thanks for looking into it!

[voltone]

I'm also not 100% sure, but that issue does seem to relate to the difference in the way Windows server send the ServerHello: that was the main difference between the failing handshake and a working one, according to Wireshark. And in tracing the difference through the :ssl source code I did come across some suspicious code that is being touched by that PR I mentioned. Anyway, I'll see if I can look into it more tomorrow.

[whatyouhide]

Awesome, thank you so much @voltone ❤️

[sorentwo]

We also ran into this issue for one of our failing API calls, but we're using Hackney. As part of the troubleshooting process, I rebuilt the request with Req, which also failed with a timeout. I can also confirm that the exact requests work as expected with OTP 24—this is specific to OTP 25 and is not related to anything mint is doing.

[whatyouhide]

Awesome, thanks for the insight @sorentwo. I’m going to close this issue since it's not Mint specific. Thanks all! 💟

[dvic]

@voltone I can confirm that the HEAD git OTP version fixes this issue.

[ericmj]

Thanks for the update @dvic

[dvic]

Another update: OTP 25.0.1 is released and this contains the fix :) 👍