search

home-assistant / core

:house_with_garden: Open source home automation that puts local control and privacy first.
https://www.home-assistant.io
Apache License 2.0
73.46k stars 30.69k forks source link

SSL handshake Fail #17639

Closed p-j-o closed 4 years ago

p-j-o commented 6 years ago

Home Assistant release with the issue:

0.80.3 on Raspberrypi3

Last working Home Assistant release (if known):

Operating environment (Hass.io/Docker/Windows/etc.):

HassOs 1.10

Component/platform:

SSL Handshake fail & SSL Error using DuckDNS/Let's Encrypt Addon

Description of problem: the following error repeats in the log every 1 second...

2018-10-20 11:29:11 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-10-20 11:29:11 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

Problem-relevant configuration.yaml entries and (fill out even if it seems unimportant):

Traceback (if applicable):

Additional information:

cgarwood commented 6 years ago

Please post your http: config from configuration.yaml

p-j-o commented 6 years ago

HTTP config is as follows:

http:
  api_password: !secret http_password
  base_url: https://<myduckdnsname>.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: True
  login_attempts_threshold: 5
fcollingwood commented 6 years ago

I have the same issue.

0.81 on RPi3, HassIO.

http:
     base_url: <myduckdnsname>.duckdns.org
     ssl_certificate: /ssl/fullchain.pem
     ssl_key: /ssl/privkey.pem
     ssl_profile: intermediate

Notes:

  1. Traffic to port 443 on my external router interface is forwarded to port 8123 on my HassIO platform.
  2. Traffic to port 8123 on my external router interface is also forwarded to port 8123 on my HassIO platform.
  3. I have tried various permutations of base_url, including, but not limited to:
    • https://\.duckdns.org
    • https://\.duckdns.org:443
    • https://\.duckdns.org:8123
    • \.duckdns.org:443
    • \.duckdns.org:8123
2018-10-29 15:35:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
 Traceback (most recent call last):
   File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
   File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
   File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
     self._sslobj.do_handshake()
 ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
 2018-10-29 15:35:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
 Traceback (most recent call last):
   File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
   File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
   File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
   File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
     self._sslobj.do_handshake()
 ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
mlewand commented 5 years ago

Have exact same problem running Home Assistant 0.82.1 with only 9 (I guess core) components loaded:

So I don't think it's an upstream/3rd party issue as suggested in other issues.

I'm running Home Assistant on Raspberry Pi 3 using official Docker image. The certificates are freshly generated with Let's Encrypt.

Same thing happens when running Home Assistant on Win10.

JIOB commented 5 years ago

I have just gotten this everything was fine on versions mentioned above.

0.83.2 Running on Docker Using my own domain SSL certs

atx-coder commented 5 years ago

Same Errors Here.

Running in Docker with the following compose:

version: '3'
services:
  homeassistant:
    image: homeassistant/home-assistant
    container_name: homeassistant
    volumes:
      - ../data/:/config
      - /etc/localtime:/etc/localtime:ro
      - /etc/letsencrypt/:/etc/letsencrypt/
    devices:
      - /dev/ttyACM0:/dev/ttyACM0
    restart: always
    network_mode: host

Like previous commentor, I have

1. Traffic to port 443 on my external router interface is forwarded to port 8123.
2. Traffic to port 8123 on my external router interface is also forwarded to port 8123.

my http config is:

http:
  api_password: !secret api_password
  ssl_certificate: !secret cert_path
  ssl_key: !secret ssl_key
  base_url: !secret public_url
  ip_ban_enabled: True
  login_attempts_threshold: 3

Secrets:

cert_path: /etc/letsencrypt/live/home.mydomain.com/fullchain.pem 
ssl_key: /etc/letsencrypt/live/home.mydomain.com/privkey.pem
public_url: https://home.mydomain.com

Error:

2018-12-04 11:36:06 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: VERSION_TOO_LOW] version too low (_ssl.c:847)
2018-12-04 11:36:06 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: VERSION_TOO_LOW
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: VERSION_TOO_LOW] version too low (_ssl.c:847)
2018-12-04 11:36:31 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:847)
2018-12-04 11:36:31 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: NO_SHARED_CIPHER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:847)
mlewand commented 5 years ago

Just FYI, rather than write multiple comments I think it make sense to put a 👍 reaction to the initial comment/summary.

xstrex commented 5 years ago

I also have the same issue people are reporting, SSL errors in the logs.

HA Version: 0.82.1 Running in Docker, on a Synology NAS Using my own domain Valid, non-expired cert by Letsencrypt SSL Cert Expiry sensor even works

Sample of errors

2018-12-04 07:54:15 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:847)
2018-12-04 07:55:15 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:847)

These lines repeat every 60secs; as you can imagine my log files are quite large because of this.

Happy to provide more information, as needed.

xstrex commented 5 years ago

Just FYI, rather than write multiple comments I think it make sense to put a 👍 reaction to the initial comment/summary.

Happy to 👍 the initial comment/summary, but the issue persists across multiple versions & environments. Should we start new issues for these new versions, even though we're getting the same errors?

mlewand commented 5 years ago

I don't think that adding multiple issues for the same issue is an option as these would simply be closed as duplicate. Bumping the issue with reaction seems like a reasonable option. The issue that has most 👍 so far has only 11 of them so eventually we can bring this to attention. I agree that this issue is really troublesome.

Bram1nat0r commented 5 years ago

Same issue, although not as frequent as topic initiator. Running Hassio 0.83.3 in Docker on Intel NUC. Using manually installed wildcard Let's Encrypt certificate. I am having this error log entries ever since I started using Hassio (end of August 2018).

2018-12-06 13:09:28 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection.139888481887008] Client exceeded max pending messages [2]: 512
2018-12-06 13:09:28 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection.139888481887008] Client exceeded max pending messages [2]: 512
2018-12-06 13:09:28 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection.139888481887008] Client exceeded max pending messages [2]: 512
2018-12-06 13:09:28 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection.139888481887008] Client exceeded max pending messages [2]: 512
2018-12-06 13:09:30 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection.139888482370112] Client exceeded max pending messages [2]: 512
2018-12-06 13:18:09 ERROR (MainThread) [homeassistant.core] Error doing job: Fatal error on transport TCPTransport (error status in uv_stream_t.read callback)
TimeoutError: [Errno 110] Operation timed out
2018-12-06 13:18:09 ERROR (MainThread) [homeassistant.core] Error doing job: Fatal error on transport TCPTransport (error status in uv_stream_t.read callback)
TimeoutError: [Errno 110] Operation timed out
2018-12-06 15:20:43 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-12-06 15:20:43 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-12-06 16:40:55 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-12-06 16:40:55 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

my http config : 

    http:
      # Secrets are defined in the file secrets.yaml
      api_password: !secret http_password
      # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
      base_url: !secret public_url
      ssl_certificate: !secret cert_path
      ssl_key: !secret ssl_key
      trusted_networks:
              - ***REDACTED***
              - ***REDACTED***
              - ***REDACTED***
      ip_ban_enabled: True
      login_attempts_threshold: 5
      server_port: 8080
radiohe4d commented 5 years ago

I am getting the same errors flooding the log. I've installed a fresh version with the following:

- HassOS 1.13
- Home Assistant 0.83.3 
- Raspberry Pi 3 B

The only thing I have setup is the LetsEncrypt addon. There is nothing else setup and running on this clean install.

//-----------------------

I tried to revert back to HTTP and I found the errors went away. But like most people, I need SSL, so this is of no use but at least is some information we can use to hopefully solve this issue.

//-----------------------

I have tried the various 'fixes' throughout the the HA community forums about removing the leading 'https://' or removing the port number from the 'base_url', or adding the 'cors_allowed_origins' with the base_url as one of the items in that list. None of these had any affect.

http:
  api_password: !secret http_password
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  base_url: https://[[DDNS Address]]

//-----------------------

I have also tried playing about with ports like @fcollingwood has done above. I tired to make sure that nothing from the previous setup was still trying to talk to this new HA setup. I was hoping that my Sonoff-Tasmota devices which had a local IP setup for MQTT where trying to connect using HTTP and that was causing the issue, but that was a dead end too.

//-----------------------

Is there really no one out there that has any answers or any ability to diagnose this on going issue? I found posts about this from over a year ago. Considering how many people have an issue with this, it seems that some more thought should be put into solving it. In fact, if anyone has a decent knowledge of the code I would happily help them solve this one. I'm a .Net developer but would jump on this one if i had a little inside knowledge to get me started.

Kirchoff commented 5 years ago

I am having this issue, here is my info:

Here is the relevant configuration.yaml entry: `http: login_attempts_threshold: 3 ip_ban_enabled: True trusted_networks:

atx-coder commented 5 years ago

I am having this issue, here is my info:

  • Ubuntu 18.04 LTS + docker
  • Home Assistant 81.6
  • x64 PC

Here is the relevant configuration.yaml entry: http: login_attempts_threshold: 3 ip_ban_enabled: True trusted_networks: - 192.168.1.0/24 - 192.168.2.0/24 - 127.0.0.0/24 base_url: <redacted>.ddns.net:8123 ssl_certificate: /config/fullchain.pem ssl_key: /config/privkey.pem ^ Damn formatting - not sure how to change it.

Spaces in front of each line.

whohen commented 5 years ago

Same issue for me.

http: base_url: server_port: 8123 ssl_certificate: /config/certificate.pem ssl_key: /config/privkey.pem

yongman commented 5 years ago

It can be solved by runing an reverse nginx proxy with ssl configure and don't know why.

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
  listen 443 ssl http2;
  ssl_certificate your_cert
  ssl_certificate_key your_key
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name your.domain;

  index index.html index.htm index.php;
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

  #error_page 404 /404.html;
  #error_page 502 /502.html;
  charset utf-8; 
  client_max_body_size 75M;

  location / {
      proxy_pass https://127.0.0.1:8123;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
  }
}
fcollingwood commented 5 years ago

It can be solved by runing an reverse nginx proxy with ssl configure and don't know why.

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
  listen 443 ssl http2;
  ssl_certificate your_cert
  ssl_certificate_key your_key
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name your.domain;

  index index.html index.htm index.php;
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

  #error_page 404 /404.html;
  #error_page 502 /502.html;
  charset utf-8; 
  client_max_body_size 75M;

  location / {
      proxy_pass https://127.0.0.1:8123;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
  }
}

How would one go about doing this on Hassio?

yongman commented 5 years ago

It can be solved by runing an reverse nginx proxy with ssl configure and don't know why.

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
  listen 443 ssl http2;
  ssl_certificate your_cert
  ssl_certificate_key your_key
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name your.domain;

  index index.html index.htm index.php;
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

  #error_page 404 /404.html;
  #error_page 502 /502.html;
  charset utf-8; 
  client_max_body_size 75M;

  location / {
      proxy_pass https://127.0.0.1:8123;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
  }
}

How would one go about doing this on Hassio?

I deploy homeassistant in synology nas with docker.

furiaceka87 commented 5 years ago

I have the same annoying issue on my configuration: Hassio with Raspberry PI 3

Relevant configuration.yaml

http:
  api_password: !secret http_password
  base_url: xxx.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

error type 1:

Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

error type 2:

Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
adamjhodson commented 5 years ago

Ubuntu 18.04 LTS Docker HASSIO 84.3 or 85.1 DuckDNS & LetsEncrypt

Getting the same error as everyone above.

JSCSJSCS commented 5 years ago

Me too: hass.io 0.79.3

2019-01-13 16:53:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: WRONG_VERSION_NUMBER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)
2019-01-13 16:53:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)
barrymossel commented 5 years ago

Same for me:

Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

And:

Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

Hassio on RPi3. Home Assistant 0.85.1.

Http configuration:

http:
  base_url: https://[myowndomain].nl:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  api_password: !secret http_password

Using Let's Encrypt for SSL.

StabbarN commented 5 years ago

I had this error but resolved it by

Give NginX SSL Proxy a try if you are stuck on this issue.

jpljonkman commented 5 years ago

I have the same problem....

Vendigroth commented 5 years ago

Had the same issue and resolved by:

andrewlphilpott commented 5 years ago

I just randomly stumbled upon this and got it up and running in about 5 minutes. No more SSL handshake issues.

https://community.home-assistant.io/t/hass-io-add-on-letsdnsocloud-custom-domain-ssl-ddns/84231/15

stygarfield commented 5 years ago

I'm having the same issues on a RPi 3 B+, HassOS 0.85.1

Error doing job: SSL handshake failed
 Traceback (most recent call last):
   File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
   File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
   File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
     self._sslobj.do_handshake()
 ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:841)
Error doing job: SSL error errno:1 reason: UNKNOWN_PROTOCOL
 Traceback (most recent call last):
   File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
   File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
   File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
   File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
     self._sslobj.do_handshake()
 ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:841)

HTTP configuration.yaml

http:
   ssl_profile: intermediate
   base_url: !secret http_URL
   ssl_certificate: /ssl/fullchain.pem
   ssl_key: /ssl/privkey.pem
   api_password: !secret hapassword
Bram1nat0r commented 5 years ago

Give NginX SSL Proxy a try if you are stuck on this issue. That did the trick for me! Thanks!

namadori commented 5 years ago

Just a "me too" to bump the issue. Same configuration as anyone on Hassio with DuckDNS add-on and standard configuration.

My 2 cents: if this is simply "stuff" (plugins, random people on the net, hackers...) trying to connect to HA in HTTP and not HTTPS, the "handshake failed" error is not really an error, but only a refused connection... can't HA simply stop logging it?

2019-01-29 21:31:49 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last): 
File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof 
File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata 
File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake self._sslobj.do_handshake() 
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841) 

2019-01-29 21:31:49 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST Traceback (most recent call last): 
File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received 
File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata 
File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata 
File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake self._sslobj.do_handshake() 
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
Dav3UK commented 5 years ago

I am having the same problem with 87.0 - Anyone have any luck figuring out the cause. As for NginX SSL Proxy. Does anyone have some information on setting it up ?

conklech commented 5 years ago

I was seeing the SSL: HTTP_REQUEST error that this issue is directed to. I had recently enabled SSL, and had a browser tab open somewhere to http://localhost:8123/ that was trying to reconnect. As soon as I closed that tab, the errors went away.

I agree with @namadori: The real issue here is that failed client connections should not show up in the log as scary six-line "ERROR" messages. Home Assistant isn't doing anything wrong; it's correctly failing/rejecting an improper connection attempt. I'd like to filter this error or downgrade it to DEBUG.

riker09 commented 5 years ago

I was seeing the SSL: HTTP_REQUEST error that this issue is directed to. I had recently enabled SSL, and had a browser tab open somewhere to http://localhost:8123/ that was trying to reconnect. As soon as I closed that tab, the errors went away.

I agree with @namadori: The real issue here is that failed client connections should not show up in the log as scary six-line "ERROR" messages. Home Assistant isn't doing anything wrong; it's correctly failing/rejecting an improper connection attempt. I'd like to filter this error or downgrade it to DEBUG.

THANK YOU! This was messing with my log (and head) badly. I thought I made a mistake along my journey of migrating from my RPi3 to my Qnap NAS Docker installation. I closed the non-SSL tab and the errors went POOF! :slightly_smiling_face:

I still agree with @namadori that this should not be recorded in the logs as it is in the current way.

furiaceka87 commented 5 years ago

Is it possibile to set ad info instead of ERROR?

DeviousPenguin commented 5 years ago

I was having this issue, something to check if you're using the nmap device tracker, exclude your HA ip address, as nmap scanning can cause this error message to appear

EDIT: Ok, i've disabled the nmap device tracker and still getting SSL handshake errors, is there a way of showing more info on the SSL session? IE the header data?

harfordhawk commented 5 years ago

following this as I have same errors! i run in docker ubuntu 18 , letsencrypt... frustrating ...

filip-van-hoeckel commented 5 years ago

Ok, same here - for the second time around. Why do bugs like this stay open for over 6 months while not being solved in later releases?

jeffehobbs commented 5 years ago

What is up with this bug. I have it, it's annoying. We should have a clear path to resolution by now.

sirs2k commented 5 years ago

I've had the same issue since updating from 0.82 to 0.93 with both straight upgrade AND freshly setup system from scratch Very frustrating as there seems to be no solution everywhere I looked.

Please resolve it guys

conklech commented 5 years ago

@jeffehobbs @sirs2k There are over a thousand open issues. This one only results in log spam. Such comments are not constructive.

That said, there are three paths to resolution, as I outlined earlier in this thread:

  1. For users: Something is trying to connect to your server over HTTP instead of HTTPS. If it's yours, make it stop. If it isn't yours, mark it down as a failed intrusion attempt.
  2. For developers: Figure out how to catch the exception and provide a more helpful message; preferably graded warning or debug.
  3. For writers: Document that this message does not indicate anything wrong with HA, but rather something wrong with a client, and get that documentation posted somewhere visible.
sirs2k commented 5 years ago

I have so many devices all connecting to HA within my LAN and log warnings such as WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 192.168.1.1 are very vague and do not help us finding the cause of the problems

All of my devices are using https and the error I'm getting is ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056) so to me it doesn't seem like a HTTP vs HTTPS problem. I'm really at a loss

mlewand commented 5 years ago

@conklech I'm sorry but this issue is rather important for devs that use HA extensively. It effectively renders loggers unusable, which would otherwise show you real problems. Now, given the amount of logs that should not be there you just ignore it completely being unable to sniff other real issues.

If it wasn't important you wouldn't see it being the most bumped Home Assistant issue and so many people chiming in.

sarge31 commented 5 years ago

I was seeing the SSL: HTTP_REQUEST error that this issue is directed to. I had recently enabled SSL, and had a browser tab open somewhere to http://localhost:8123/ that was trying to reconnect. As soon as I closed that tab, the errors went away.

I agree with @namadori: The real issue here is that failed client connections should not show up in the log as scary six-line "ERROR" messages. Home Assistant isn't doing anything wrong; it's correctly failing/rejecting an improper connection attempt. I'd like to filter this error or downgrade it to DEBUG.

For me, I had Visual Code open with the homeassistant extension. Hadn't reconfigured the connection url after switching to SSL on homeassistant

xAPPO commented 5 years ago

I am not using DuckDNS but do use NabuCasa remote and I'm getting this error message every few seconds 0.95.1

taxilof commented 5 years ago

Had the same issues after configuration of SSL. Figured it had to be an app, that still uses http only. Turns out, node-red was still using the old URL without SSH and was trying to access HA periodically. Switched out URL tin node-red to use https and after a restart of node-red, the errors were gone.

stale[bot] commented 4 years ago

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue now has been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.

luca-angemi commented 4 years ago

Still having this issue in 0.102.1

stale[bot] commented 4 years ago

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue now has been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.