Http request node to https results in requesterror ssl alert

weha · May 16, 2024, 2:32pm

I migrated my Nodered flows from a stand alone container to a “home assistant addon”
Everything seems to work except an http request to an https site.
I tried to find a solution but except from a long closed thread on nodered github I don’t find any solution to this.

In the http request on my standalone container “enable secure connection” was disabled.
So I tried enabling this but there isn’t much I can configure nor is there any explaination what should be configured.
This seems to be just a client certificate (which I don’t need) and some other filters which I don’t need either.

The site (not exact url): https://web-api.tp.entsoe.eu

The error:
RequestError: write EPROTO D8D914775C7F0000:error:0A000458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1590:SSL alert number 112

Mikefila · May 16, 2024, 7:54pm

I can’t reach that link in a browser. I can tell you I am on a http haos install and have no problem retrieving results from https sites. Have you tried another https source to see if this is consistent or just this site?

If I search this error I get results, not NR, but all pretty much point at a proxy problem.

weha · May 16, 2024, 8:08pm

Well maybe it’s geoblocked but you should get a “forbidden” message.
To be complete, tried google.com, same error
And there is no proxy, and it works an a standalone nodered

Mikefila · May 16, 2024, 8:20pm

Could you try from home assistant using a restful command. To see if it is between HA and NR or HA and the internet

weha · May 17, 2024, 5:35am

I mean… I have multiple cloud integrations so I reckon a REST call would work as well.
Unless this would go through some kind of proxy?

Mikefila · May 17, 2024, 9:40am

We won’t know if you don’t try. To use the rest call add to your configuration.yaml, use the address you are trying to reach.

rest_command:
  entsoe:
    url: https://request node site
    method: GET

then restart. Go to dev tools → services → search for entsoe and hit the call service button. The response from the site will appear below.

WallyR · May 17, 2024, 11:19am

Some websites require extra header informations, like browser version.

weha · May 17, 2024, 1:56pm

This works fine, status 200 and I see the content.

weha · May 17, 2024, 1:57pm

If that were the case, it wouldn’t work on the standalone.
Even so, it’s an SSL error, this is before headers matter.

Mikefila · May 17, 2024, 4:29pm

Have you changed anything in the settings.js file for NR? You can also try deleting the http node, deploy, drag out a new one. Other than that, I don’t know of anything else to try.

weha · May 17, 2024, 6:40pm

No, I did compare it now with the standalone but I don’t see anything strange or related to this issue.
I also never changed the standalone nodered settings.js.

Tried removing and adding but same error

Mikefila · May 17, 2024, 7:18pm

I don’t think it will be a different outcome but you can use an exec node. Use curl like you would on a command line.

weha · May 18, 2024, 11:45am

curl works in exec… so what does this even mean?
Is nodered missing a package or something?

Or why does it say ssl3_read_bytes:tlsv1, I reckon it’s not using 1.2+ or some reason? but I don’t where I can configure that.

mrWhite · June 4, 2024, 9:15pm

Experiencing similar issues here. Started happening after migrating to a new host (ubuntu 24.04) and updating nodered (to v3.1.9). Not sure which of the two actions could have caused it. Only http request work. Even for a website like google.com.

WallyR · June 4, 2024, 10:40pm

One cause to the error message might be missing SNI data when connection to a multi-host web server.
https://www.cloudflare.com/learning/ssl/what-is-sni/

weha · July 11, 2024, 1:07pm

So, this problem is not only with the http requests but also e-mailing

Error: D8594C9BFD7E0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:…/deps/openssl/openssl/ssl/record/ssl3_record.c:354:

WallyR · July 11, 2024, 4:59pm

This is definitely a name lookup issue.
Either with SNI data in your request or your DNS service in you Node Red setup.

weha · July 12, 2024, 1:17am

DNS is not the issue.
SNI data… I mean ok, who can fix that? As it works in a standalone NodeRed docker…

Mikefila · July 12, 2024, 4:07pm

I think this is related to the way HAOS layers containers. According to the docs NR addon uses/ssh for cert location and that can’t be changed. For example, when using shell commands, you need to create new certs in the config folder for them to work.

How does this apply here, I’m not sure. What you can do is download wire shark and monitor your HA IP and make the request. IIRC bounced https requests will be highlighted in black. You will be able to see what was sent and what the response was, from that you should be able to see exactly what is going on.

Edit: I am assuming that the HA stores ssl certs in the same location/level as the ssh certs, which is not accessible when running commands.

weha · July 13, 2024, 4:40pm

How is this related to cert location?
Even if it was, than curl wouldn’t work as well, which it does.
And even if I see what happens in wireshark, I’m not going to be able to fix it.
So who do I talk to? or where?