auto-encrypt-localhost
auto-encrypt-localhost copied to clipboard
small-tech
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
just installed it and made a file server.js
const AutoEncryptLocalhost = require('@small-tech/auto-encrypt-localhost')
const server = AutoEncryptLocalhost.https.createServer()
it says it's runnig:
📜 ❨auto-encrypt-localhost❩ Local development TLS certificate exists.
✨ ❨auto-encrypt-localhost❩ HTTP server is listening on port 80.
Web server is running at https://localhost
ips [ '127.0.0.1', '192.168.0.13' ]
👉 ❨auto-encrypt-localhost❩ Redirecting HTTP request to HTTPS.
👉 ❨auto-encrypt-localhost❩ Redirecting HTTP request to HTTPS.
but opening https://localhost:80 in google chrome gives me:
This site can’t provide a secure connectionlocalhost sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
and using curl https://localhost:80 gives me:
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Something seems to not work properly, but I don't have much experience with certificates yet. Any help is appreciated :-)
Here the same with curl and the --verbose flag
* Rebuilt URL to: https://localhost:80/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 80 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I'm running Linu Mint 19.3
when I initially ran the auto-encrypt-localhost server it logged:
📜 ❨auto-encrypt-localhost❩ Setting up…
📜 ❨auto-encrypt-localhost❩ Installing certutil dependency (Linux) using apt…
[sudo] password for serapath:
📜 ❨auto-encrypt-localhost❩ Creating local certificate authority (local CA) using mkcert…
📜 ❨auto-encrypt-localhost❩ Local certificate authority created.
📜 ❨auto-encrypt-localhost❩ Creating local TLS certificates using mkcert…
📜 ❨auto-encrypt-localhost❩ Local TLS certificates created.
events.js:291
throw er; // Unhandled 'error' event
^
Error: listen EACCES: permission denied 0.0.0.0:80
So I followed the README and did sudo sysctl -w net.ipv4.ip_unprivileged_port_start=0 net.ipv4.ip_unprivileged_port_start = 0, after which it ran and logged:
📜 ❨auto-encrypt-localhost❩ Local development TLS certificate exists.
✨ ❨auto-encrypt-localhost❩ HTTP server is listening on port 80.
Web server is running at https://localhost
PROBLEM
- In firefox I get
Error code: SSL_ERROR_RX_RECORD_TOO_LONGwith auto-encrypt-localhost module. - running:
openssl s_client -connect localhost:80for auto-encrypt-localhost gives me:
CONNECTED(00000005)
140364042203584:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 311 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
I found another module https://www.npmjs.com/package/https-localhost which seems to do something similar to auto-encrypt-localhost, and when it runs, I can actually navigate to https://localhost and the server responds, but google chrome still tells me the certificate is invalid.
- In firefox I get
Error code: SEC_ERROR_BAD_SIGNATUREwith that https-localhost module.
Is there a way to:
- remove the certificate?
- check the certificate?
- list all the certificates?
It seems something with the certificate didn't properly work, but I'm not sure how to debug that. I'm happy for any pointers :-)
Hmm, sorry for the hassle. It seems like the initial run permission error might be to blame. I will look into how we can handle that better.
In the meanwhile, can you please try deleting the configuration and trying again? The following should do it:
rm -rf ~/.small-tech/auto-encrypt-localhost
Oh, didn't notice that it created this in my home folder. I removed it. Sadly, it still didn't solve the issue.
node serve.js
📜 ❨auto-encrypt-localhost❩ Setting up…
📜 ❨auto-encrypt-localhost❩ Creating local certificate authority (local CA) using mkcert…
Sudo password:
📜 ❨auto-encrypt-localhost❩ Local certificate authority created.
📜 ❨auto-encrypt-localhost❩ Creating local TLS certificates using mkcert…
📜 ❨auto-encrypt-localhost❩ Local TLS certificates created.
✨ ❨auto-encrypt-localhost❩ HTTP server is listening on port 80.
Web server is running at https://localhost
But visiting https://localhost doesn't do anything, but visiting https://localhost:80 at least seems to exist:
- firefox
Secure Connection Failed
An error occurred during a connection to localhost:80.
SSL received a record that exceeded the maximum permissible length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG
- google chrome
This site can’t provide a secure connection
localhost sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
For comparision, trying with https://localhost or https://localhost:443 or https://localhost:54321 gives me:
- firefox
Unable to connect
Firefox can’t establish a connection to the server at localhost.
- google chrome
This site can’t be reached
localhost refused to connect.
ERR_CONNECTION_REFUSED
Which at least tells me, both browsers found something and not nothing, but it still doesn't work.
Thx :-)
https://github.com/small-tech/auto-encrypt-localhost/issues/3#issuecomment-674605936 is where i mentioned Linux Mint 19.3 (XFCE Desktop) ... I am using my Laptop, which is a HP Spectre x360 15" and i guess it's a 64bit architecture. It's an Intel Core i7.
Did you have any success reproducing it?
@serapath Sorry I’ve been so slow on this. I wasn’t able to reproduce it. Wondering if it’s still an issue for you on the latest 7.x line?