search

valpackett / httpotion

[Deprecated because ibrowse is not maintained] HTTP client for Elixir (use Tesla please)
https://hexdocs.pm/httpotion/readme.html
The Unlicense
725 stars 100 forks source link

Does HTTPotion Support SNI? #119

Closed Preen closed 6 years ago

Preen commented 6 years ago

Getting handshake failure when I try to use it against aws cloudfront which currently (if you pick the free version of certificate) only allows clients that supports SNI.

%HTTPotion.ErrorResponse{message: "{:tls_alert, 'handshake failure'}"}

valpackett commented 6 years ago

It should work I think…

What Erlang version are you using? Are you using an HTTP proxy? Can you connect to that domain with raw ssl module? like :ssl.connect('example.com', 443, [])

Preen commented 6 years ago

I want to be able to specify ssl version. With HTTPoision this works.

# Either use this

HTTPoison.get("https://example.com/", [], [ssl: [{:versions, [:'tlsv1.2']}]])

# or worst case:

HTTPoison.get("https://example.com/", [], [ssl: [{:verify, :verify_none}]])
valpackett commented 6 years ago

Damn, Erlang ssl's behavior is so weird, why does it only automatically set SNI if you force TLS 1.2 o_0

You can probably do something like that:

HTTPotion.get("https://example.com/", [ibrowse: [ssl_options: [{:versions, [:'tlsv1.2']}]]])

But it seems like you can also pass the hostname as the server_name_indication option instead of TLS 1.2. HTTPotion should automatically do this. I'll implement that soon.

valpackett commented 6 years ago

Done. SNI should work automatically on current master.