Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

3.5.0 Error: write EPROTO 3343909432:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:../../third_party/boringssl/src/ssl/handshake_client.cc:569: #5446

Closed
natkrish opened this issue Oct 24, 2019 · 63 comments · Fixed by #6130 · May be fixed by qsays/grafana#1
Assignees

Comments

@natkrish
Copy link

Current behavior:

I upgraded my cypress version from 3.4.1 to 3.5.0. All my tests were working fine on 3.4.1 but when running on 3.5.0 - I get errors see attached screenshot.

Desired behavior:

I should be able to run my tests without any problems.

Steps to reproduce: (app code and test code)

Unfortunately, I dont have the time to create a dummy project just for this issue. I am sure its to do with version 3.5.0. Please fix it ASAP

Versions

Cypress : 3.5.0
OS: Windows 10
Browser: Chrome 77
Node: 11.7.0
image
image

@jennifer-shehane
Copy link
Member

@natkrish Thanks for opening an issue. Without a reproducible example, this issue will take longer to fix without this because we have to find the exact circumstances this fails.

Could you provide any more details surrounding your project and this test.

  • Are you behind a proxy?
  • You are writing cy.request() - are you passing any options?
  • Do you have any options sent to cy.server() that overwrite defaults?
  • What is the expected result of your cy.request()? 200, 300??
  • Does the url usually do any redirects?
  • Is the url http or https
  • Do you have any special SSL configuration?

@jennifer-shehane jennifer-shehane added the stage: needs information Not enough info to reproduce the issue label Oct 24, 2019
@natkrish
Copy link
Author

natkrish commented Oct 24, 2019

@jennifer-shehane thanks for your response. I understand that its not possible to reproduce without a working example - may be when i get sometime I will try and do a simple example.

Are you behind a proxy?

Yes

You are writing cy.request() - are you passing any options?

Yes I use it but with no options. But i wasn't executing that test.

Do you have any options sent to cy.server() that overwrite defaults?

Yes I use it but with no options. But i wasn't executing that test.

What is the expected result of your cy.request()? 200, 300??

I am not sending cy.request();

Does the url usually do any redirects?

Nope

Is the url http or https

https:

Do you have any special SSL configuration?

not really

@natkrish
Copy link
Author

I was able to run the same tests in 3.4.1 with success. But with 3.5.0 its not even trying to open the url.

@jennifer-shehane
Copy link
Member

Sorry @natkrish, I assumed this was an error from a cy.request() just from the messaging of the error. This is happening during a cy.visit()?

@natkrish
Copy link
Author

Yes it is happening when i start my tests with cy.visit('/') - and I have set up the base url in cypress.json

@itsnathandaily
Copy link

I upgraded to 3.4.1 and I'm having the same issue

@flotwig flotwig self-assigned this Oct 25, 2019
@flotwig
Copy link
Contributor

flotwig commented Oct 25, 2019

boringssl is the custom OpenSSL-alike implementation Electron uses (also bundled with Chromium): electron/electron#20204

We had a similar issue with certain certs that was a result of a bug in the version of OpenSSL bundled with Node in 3.4.1. Updating Node should've fixed that. We also updated Electron from 2 to 5 in 3.5.0, and in Electron 4, they switched from OpenSSL in Node to boringssl.

You can see issues with boringssl in Electron here: https://github.com/electron/electron/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+boringssl

@natkrish @itsnathandaily Can one of you share a URL that shows this behavior when cy.visit()ed? It would be a big help to track this down.

@natkrish
Copy link
Author

@flotwig - unfortunately, its not possible for me to share the url reason being I was using our internal test environments which works fine with 3.4.1. That site pretty much looks similar to this one - so may be you can use it to test cy.visit(). https://onlinedoctor.lloydspharmacy.com/

@flotwig
Copy link
Contributor

flotwig commented Oct 29, 2019

@natkrish I tried running this test, and it works:

it('', () => {
  cy.visit('https://onlinedoctor.lloydspharmacy.com/')
})

Is there a difference in how you generate certs for production and development? It could be some weird cipher suite or option you're using in your development certificate conflicting with Electron.

@GarthyCheang
Copy link

I have this problem. this case maybe CA is old. Chrome can show “Your connection is not private“ Warning in new version.

"chromeWebSecurity": false in cypress.json

this setting is not work, how to miss this warning?? @jennifer-shehane

@flotwig
Copy link
Contributor

flotwig commented Oct 31, 2019

@GarthyCheang Are you talking about this?

image

^ That's normal, that's just there because Cypress uses it's own CA to intercept HTTPS traffic for tests.

@GarthyCheang
Copy link

@flotwig yes! Cypress show network issue, and then can't testing the app

@natkrish
Copy link
Author

natkrish commented Nov 5, 2019

@flotwig @jennifer-shehane After updating cypress to 3.6.0 version i no longer get this issue anymore. Hence closing this ticket for now.

@natkrish natkrish closed this as completed Nov 5, 2019
@Mkots
Copy link

Mkots commented Nov 5, 2019

I still have this issue even on "cypress": "3.6.0", and Chrome 78 (Electron 73 and Chromium 78 have the same)
The stack trace for this error is:

Error: write EPROTO 38265138154120:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:../../third_party/boringssl/src/ssl/handshake_client.cc:569:

    at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:82:16)

      at Object.cypressErr (http://localhost:35175/__cypress/runner/cypress_runner.js:104940:11)
      at Object.throwErr (http://localhost:35175/__cypress/runner/cypress_runner.js:104895:18)
      at Object.throwErrByPath (http://localhost:35175/__cypress/runner/cypress_runner.js:104927:17)
      at http://localhost:35175/__cypress/runner/cypress_runner.js:91060:31
      at visitFailedByErr (http://localhost:35175/__cypress/runner/cypress_runner.js:90566:12)
      at http://localhost:35175/__cypress/runner/cypress_runner.js:91059:22
      at tryCatcher (http://localhost:35175/__cypress/runner/cypress_runner.js:138967:23)
      at Promise._settlePromiseFromHandler (http://localhost:35175/__cypress/runner/cypress_runner.js:136903:31)
      at Promise._settlePromise (http://localhost:35175/__cypress/runner/cypress_runner.js:136960:18)
      at Promise._settlePromise0 (http://localhost:35175/__cypress/runner/cypress_runner.js:137005:10)
      at Promise._settlePromises (http://localhost:35175/__cypress/runner/cypress_runner.js:137080:18)
      at Async../node_modules/bluebird/js/release/async.js.Async._drainQueue (http://localhost:35175/__cypress/runner/cypress_runner.js:133692:16)
      at Async../node_modules/bluebird/js/release/async.js.Async._drainQueues (http://localhost:35175/__cypress/runner/cypress_runner.js:133702:10)
      at Async.drainQueues (http://localhost:35175/__cypress/runner/cypress_runner.js:133576:14)

The certificate for my site was generated via https://github.com/FiloSottile/mkcert

@yana-shapka
Copy link

yana-shapka commented Nov 6, 2019

I am having the same issue. (3.6.0)

Error: write EPROTO 3839146440:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:../../third_party/boringssl/src/ssl/handshake_client.cc:569:

    at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:82:16)

@jennifer-shehane
Copy link
Member

Reopening since people seem to still be having this issue.

@Sigalsha
Copy link

Sigalsha commented Nov 7, 2019

Same thing for me:
I upgraded my cypress version from 3.4.1 to 3.6.0. All my tests were working fine on 3.4.1 but once I upgraded to 3.6.0 - I get errors when using cy.request() and even cy.visit():

cy.visit() :
image
image

cy.request() :
image
image
image

@flotwig
Copy link
Contributor

flotwig commented Nov 7, 2019

@Mkots I tried to use mkcert to generate a cert that would reproduce this issue, but couldn't get Electron to throw the unsupported_protocol error even with a mkcert cert.

Can you please check out my repo and let me know what the difference is between my gen-cert.sh and the command you use to generate testing certificates?

https://github.com/flotwig/electron-boringssl-repro

@flotwig
Copy link
Contributor

flotwig commented Nov 7, 2019

For anyone experiencing this issue - if you can try running your tests with debug logs enabled, and share those logs here, it will show some more information which we can use to get to the root of the issue.

  • On Linux/macOS: DEBUG=cypress:* cypress ...
  • On Windows: npx cross-env DEBUG=cypress:* cypress ...

Make sure to scrub any private data from the logs before sharing here.

@mutongwu
Copy link

+1

it happens when visit self-signed certificate website.

@vrodnyanskiy
Copy link

Same here in 3.6.1
Was working in 3.4.1

Common situations why this would fail:

  • you don't have internet access
  • you forgot to run / boot your web server
  • your web server isn't accessible
  • you have weird network configuration settings on your computer

The stack trace for this error is:

RequestError: Error: write EPROTO 140723175747320:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:../../third_party/boringssl/src/ssl/handshake_client.cc:569:

at new RequestError (/Users/vrodnyanskiy/Library/Caches/Cypress/3.6.1/Cypress.app/Contents/Resources/app/packages/server/node_modules/request-promise-core/lib/errors.js:14:15)
at Request.plumbing.callback (/Users/vrodnyanskiy/Library/Caches/Cypress/3.6.1/Cypress.app/Contents/Resources/app/packages/server/node_modules/request-promise-core/lib/plumbing.js:87:29)
at Request.RP$callback [as _callback] (/Users/vrodnyanskiy/Library/Caches/Cypress/3.6.1/Cypress.app/Contents/Resources/app/packages/server/node_modules/request-promise-core/lib/plumbing.js:46:31)
at self.callback (/Users/vrodnyanskiy/Library/Caches/Cypress/3.6.1/Cypress.app/Contents/Resources/app/packages/server/node_modules/request/request.js:185:22)
at Request.emit (events.js:194:13)
at Request.onRequestError (/Users/vrodnyanskiy/Library/Caches/Cypress/3.6.1/Cypress.app/Contents/Resources/app/packages/server/node_modules/request/request.js:877:8)
at ClientRequest.emit (events.js:199:15)
at TLSSocket.socketErrorListener (_http_client.js:401:9)
at TLSSocket.emit (events.js:194:13)
at errorOrDestroy (internal/streams/destroy.js:107:12)
at onwriteError (_stream_writable.js:436:5)
at onwrite (_stream_writable.js:461:5)
at internal/streams/destroy.js:49:7
at TLSSocket.Socket._destroy (net.js:600:3)
at TLSSocket.destroy (internal/streams/destroy.js:37:8)
at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:83:12)

@natkrish
Copy link
Author

natkrish commented Dec 5, 2019

@jennifer-shehane I think this is still an issue on my side too with version 3.7.0. The good thing is it doesnt throw this error when running local but happens when running it on jenkins.
image

@Mkots
Copy link

Mkots commented Dec 5, 2019

@flotwig Sorry for the late reply, now I can't reproduce this behaviour, I think this error was connected with my environment, unfortunately, I don't know any concrete causes

@nkrishna79
Copy link

@jennifer-shehane @flotwig I think this issue is still happening on 3.8.0 unfortunately.

@natkrish
Copy link
Author

can someone help me with a solution for this issue please? At the moment, i had to downgrade it to 3.4.1 due to this error and i am losing a lot of good features as a result of this.

@flotwig
Copy link
Contributor

flotwig commented Dec 13, 2019

Still looking for DEBUG logs from anyone experiencing this issue:

For anyone experiencing this issue - if you can try running your tests with debug logs enabled, and share those logs here, it will show some more information which we can use to get to the root of the issue.

* On Linux/macOS: `DEBUG=cypress:* cypress ...`

* On Windows: `npx cross-env DEBUG=cypress:* cypress ...`

Make sure to scrub any private data from the logs before sharing here.

It is probably a result of incompatibility between Electron and certain SSL configurations.

@jthannah
Copy link

jthannah commented Jan 8, 2020

After reading what @cjones2-sandia said about TLS versions, I pointed our Cypress tests to another internal site that uses TLS 1.2 and the tests worked fine. Pointing them back to our normal development server which only supports TLS 1.0 and the tests fail with the error here. I also believe that the issue has something to do with the TLS version. I've asked our devOps team to upgrade our development servers and will report back if things start working when they do.

@flotwig
Copy link
Contributor

flotwig commented Jan 8, 2020

The openssl output I received from @natkrish also used TLSv1, I also suspect that using TLSv1 could be what triggers this bug.

I am still trying to create a TLSv1 server to reproduce this issue, I attempted to write one in Node.js but it does not work. I suspect I will have to use nginx.

My non-working repro code:

const https = require('https')
const cert = require('https-pem')

const port = process.env.PORT || 12345

const server = https.createServer({
  maxVersion: 'TLSv1',
  ...cert
}, (req, res) => {
  res.setHeader('content-type', 'text/html') // required by Cypress cy.visit
  res.end('foo')
})

server.listen(port, () => {
  console.log(`listening at https://127.0.0.1:${port}`)
})

@jthannah
Copy link

jthannah commented Jan 9, 2020

@flotwig What you had was real close! I was able to reproduce the error with this node server:

const https = require('https')
const cert = require('https-pem')

const port = process.env.PORT || 12345

const server = https.createServer({
   //secureProtocol: 'TLSv1_2_server_method',
   secureProtocol: 'TLSv1_server_method',
  ...cert
}, (req, res) => {
  res.setHeader('content-type', 'text/html') // required by Cypress cy.visit
  res.end('foo')
})

server.listen(port, () => {
  console.log(`listening at https://127.0.0.1:${port}`)
})

Run it as is and then hit with cy.visit(), you'll see the error. Then swap the secureProtocol setting to use TLSV1.2 and run the same cy.visit() and page loads successfully.

@natkrish
Copy link
Author

natkrish commented Jan 9, 2020

@flotwig do you think a fix is possible or should this be reported upstream? Will be good to know who is responsible for fixing this so that I can make some decisions regarding staying put with 3.4.1 (this is the only cypress version which works with TLS1)

@flotwig
Copy link
Contributor

flotwig commented Jan 9, 2020

Run it as is and then hit with cy.visit(), you'll see the error. Then swap the secureProtocol setting to use TLSV1.2 and run the same cy.visit() and page loads successfully.

@fourthmeal70 Nice, got it working. I notice that I get this error:

Error: write EPROTO 1942426598472:error:1000042e:SSL routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION:../../third_party/boringssl/src/ssl/tls_record.cc:587:SSL alert number 70

Which is different from the error in the OP, which was:

Error: write EPROTO 3343909432:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:../../third_party/boringssl/src/ssl/handshake_client.cc:569: 

So I wonder if this is actually an accurate representation of the real issue.

Still, we can fix the TLSV1_ALERT_PROTOCOL_VERSION error in Cypress by updating the network code to pass a minVersion of TLSv1 (the default is TLSv1.2). I'll open a PR: #6130


do you think a fix is possible or should this be reported upstream?

@natkrish See above - we can fix the TLSV1_ALERT_PROTOCOL_VERSION, but without a reproducible example for the UNSUPPORTED_PROTOCOL error, it's uncertain if this will also fix the UNSUPPORTED_PROTOCOL error.

You can pull down my PR and see if it does indeed fix your issue, that would be super helpful: #6130

flotwig added a commit that referenced this issue Jan 9, 2020
@cypress-bot cypress-bot bot added stage: work in progress and removed stage: needs information Not enough info to reproduce the issue labels Jan 9, 2020
@nkrishna79
Copy link

@flotwig definitely I will it pull it down and report back either tonight or tomorrow AM. Thanks so much for this investigative and fixing work. Much appreciated. Hopefully it will work. Fingers crossed!

@jthannah
Copy link

jthannah commented Jan 9, 2020

@flotwig Good catch! I was just excited that an error appeared.. obviously I didn't look closely enough at it haha.

Anyway, I pulled down your PR and tested on my end and everything appears to work! 🎉
So it looks like the change may have fixed both errors we've now seen. I'm interested to see if @natkrish gets the same results.

@nkrishna79
Copy link

@fourthmeal70 if you don’t mind can you let me me know the steps that you took to do a pull down? Sorry this is my first time with PR stuff hence asking.

@flotwig
Copy link
Contributor

flotwig commented Jan 9, 2020

@fourthmeal70 if you don’t mind can you let me me know the steps that you took to do a pull down? Sorry this is my first time with PR stuff hence asking.

You should just be able to clone the repo, checkout my branch, npm i, and start it. Like this:

git clone https://github.com/cypress-io/cypress.git
cd cypress
git checkout issue-5446-tlsv1-fix
npm i
npm run cypress:open  # same as `cypress open`, use `cypress:run` if you want to test `cypress run`

@natkrish
Copy link
Author

natkrish commented Jan 9, 2020

@flotwig thanks. Working on it. Will let you know shorltly

@natkrish
Copy link
Author

natkrish commented Jan 9, 2020

@flotwig Yessssssssssssssssssssssssssss I can confirm that it is now working with your fix in place. 👍

@cypress-bot cypress-bot bot added stage: needs review The PR code is done & tested, needs review and removed stage: work in progress labels Jan 9, 2020
@flotwig
Copy link
Contributor

flotwig commented Jan 9, 2020

Awesome, thanks for checking! Will work on getting this merged and released.

@natkrish
Copy link
Author

natkrish commented Jan 9, 2020

@flotwig Thanks so much. Looking forward to it.

@natkrish
Copy link
Author

@flotwig how long will it take for cypress to release the next version with this bug fix?

@flotwig
Copy link
Contributor

flotwig commented Jan 16, 2020

@natkrish it should be in 3.8.3 which is scheduled for next Friday

@cypress-bot
Copy link
Contributor

cypress-bot bot commented Jan 16, 2020

The code for this is done in cypress-io/cypress#6130, but has yet to be released.
We'll update this issue and reference the changelog when it's released.

@cypress-bot
Copy link
Contributor

cypress-bot bot commented Jan 24, 2020

Released in 3.8.3.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v3.8.3, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Jan 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet