Getting "Error doing job: SSL handshake failed" spam in log, any ideas?

Log Details (ERROR)
Tue Oct 16 2018 08:08:30 GMT+0200 (Central European Summer Time)

Error doing job: SSL handshake failed
Traceback (most recent call last):
File “uvloop/handles/stream.pyx”, line 609, in uvloop.loop.UVStream._on_eof
File “uvloop/sslproto.pyx”, line 171, in uvloop.loop._SSLPipe.feed_ssldata
File “/usr/local/lib/python3.6/ssl.py”, line 689, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:841)

Running 80.3 on HassOS, every 1 sec there is this entry…

    2018-10-20 10:35:34 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
    Traceback (most recent call last):
      File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
      File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
      File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
    2018-10-20 10:35:34 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
    Traceback (most recent call last):
      File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
      File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
      File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
      File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

Funny thing is SSL connection shows a valid certiicate, but the SSL sensor shows ‘unknown’ days left ???

Same issue here, but I think that can be related with local HA access.
I post other reply here: Connectivity Issues - duckdns

I have the same issue but I don’t use duckdns. I’m on docker if that makes any difference.
Everything else works…
I get slight variations though.
Here is one:

2018-10-26 08:54:06 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: UNSUPPORTED_PROTOCOL
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:841)

and a different one:

2018-10-26 01:30:25 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

and a third one:

2018-10-26 01:29:38 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: WRONG_VERSION_NUMBER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)

and

2018-10-25 22:04:09 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: NO_SHARED_CIPHER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:841)

last one:

2018-10-25 09:36:18 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: DECRYPTION_FAILED_OR_BAD_RECORD_MAC
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: DECRYPTION_FAILED_OR_BAD_RECORD_MAC] decryption failed or bad record mac (_ssl.c:841)

The key difference is the first and last line…

Add the following in the http: section in configuration.yaml:

ssl_profile: intermediate

Thanks, for now it looks like it’s solving my issue.
And I don’t know if this is related (seems an awful lot of coincidence) or upgrade to 0.81 but I also no longer have issues on my scrape sensors (this post)

sorry, SSL issues are still here even witht the ssl_profile: intermediate entry:

2018-10-29 17:23:54 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847)
2018-10-29 17:23:54 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: WRONG_VERSION_NUMBER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847)
2018-10-29 17:23:54 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847)
2018-10-29 17:23:54 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: WRONG_VERSION_NUMBER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847)

Hi,

Since I also see these ssl mentions in the logs, I’d love to solve that. Before I dare to though, may I ask where this option is documented, and why this could solve the issue at hand?

There’s an open issue on github. It was mentioned there. Can’t find it at the moment.

ssl_profile: intermediate did not work for me either.

1 Like

Can’t find the issue on GitHub either ATM. And I’ve seen the SSL errors back too… Oh well…

you can find it in the http doc:

ayes, never saw that before, thank you. pointing to Security/Server Side TLS - MozillaWiki and all about compatibility.
Still, lowering to intermediate feels like less secure, while in fact the errors might origin elsewhere, or need the originators to ‘modernize’. Not sure if we should do that.

well i tried and it doesn’t fix it anyway…

I also use docker and have the same kind of errors.

Figured I’d chime in; I’m getting the same errors as well.

Has anyone had any traction on this? Is it posted to Github, or do we have any visibility?

Cheers

I’m getting this on 0.83.X rolled back for now as I’m not sure what implications it might have. I’ve chimed in on a Github issue that has previously been opened here.

https://github.com/home-assistant/home-assistant/issues/17639

1 Like

I think I’m in the same boat you are, running in docker, custom domain, lets encrypt cert, valid (non-expired) cert, etc. My logs are filling up with the damn ssl errors. I’ll provide another use-case on the github issue.

1 Like

I rolled back a couple of days ago and everything was fine. This evening I have upgraded to see if the latest version some how fixed the issue but no luck.

Now strangely I have just rolled back once again to 82.1 which didn’t show the errors when I rolled back last time but is now showing the errors. A little worried if this leaves me vulnerable to anything.

I seriously doubt this would cause any kind of remote execution issue, or any kind of unauthorized access. We still have a valid cert, and the user authentication mechanism in place.

If you’re seeing / following this thread, please go :+1: this github issue, the more attention it gets, the faster it would get resolved: https://github.com/home-assistant/home-assistant/issues/17639