websockex icon indicating copy to clipboard operation
websockex copied to clipboard

Published 20 hours ago verified publisher icon Azolo

Error 'bad record mac' starting websockex (Erlang >20 SSL Issue)

Open mbenatti opened this issue 7 years ago • 5 comments

Hello, I'm trying to connect and test the "wss://api.bitfinex.com/ws/2" Docs: https://bitfinex.readme.io/v2/reference#ws-public-ticker

Code:

iex(10)> uri = URI.parse "wss://api.bitfinex.com/ws/2"
%URI{
  authority: "api.bitfinex.com",
  fragment: nil,
  host: "api.bitfinex.com",
  path: "/ws/2",
  port: 443,
  query: nil,
  scheme: "wss",
  userinfo: nil
}
iex(11)> conn = WebSockex.Conn.new uri                
%WebSockex.Conn{
  cacerts: nil,
  conn_mod: :ssl,
  extra_headers: [],
  host: "api.bitfinex.com",
  insecure: true,
  path: "/ws/2",
  port: 443,
  query: nil,
  socket: nil,
  socket_connect_timeout: 6000,
  socket_recv_timeout: 5000,
  transport: :ssl
}
iex(12)> start_link = WS.start_link conn, :fake_state 
[info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'cipher', 32, 'received SERVER ALERT: Fatal - Bad Record MAC', 10]
{:error, %WebSockex.ConnError{original: {:tls_alert, 'bad record mac'}}}
iex(13)>

Its some limitation in lib or im doing something wrong?

mbenatti avatar Jan 22 '18 07:01 mbenatti

This is actually an issue with SSL negotiation.

I don't know if it's a problem with something I'm doing though.

Could you see which version of Erlang and OpenSSL you are using?

Azolo avatar Jan 22 '18 22:01 Azolo

Thanks for a quick response,

Info's below:

erlang 20.1
elixir 1.6.0
OpenSSL> version
OpenSSL 1.1.0g  2 Nov 2017
Linux ThinkPad-T440 4.13.0-26-generic #29~16.04.2-Ubuntu SMP Tue Jan 9 22:00:44 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

mbenatti avatar Jan 23 '18 04:01 mbenatti

ok... seems something different with ssl library in erlang 20 or a bug.

I switch to erlang 19.3 and it worked:

iex(1)> uri = URI.parse "wss://api.bitfinex.com/ws/2"
%URI{
  authority: "api.bitfinex.com",
  fragment: nil,
  host: "api.bitfinex.com",
  path: "/ws/2",
  port: 443,
  query: nil,
  scheme: "wss",
  userinfo: nil
}
(search)`':                                                
nil
iex(3)> 
nil
iex(4)> conn = WebSockex.Conn.new uri
%WebSockex.Conn{
  cacerts: nil,
  conn_mod: :ssl,
  extra_headers: [],
  host: "api.bitfinex.com",
  insecure: true,
  path: "/ws/2",
  port: 443,
  query: nil,
  socket: nil,
  socket_connect_timeout: 6000,
  socket_recv_timeout: 5000,
  transport: :ssl
}
iex(5)> WS.start_link conn, :fake_state
Handle Connect
{:ok, #PID<0.476.0>}
Received Message - Type: :text -- Message: "{\"event\":\"info\",\"version\":2}"

mbenatti avatar Jan 23 '18 04:01 mbenatti

I really want to say that's surprising, but I can't. I honestly don't know how Erlang's SSL library works and trying to figure it out may be the death of me.

I don't think I'm going to spend much time trying to figure this one out, I don't think my sanity can handle another dive into Erlang SSL at the moment. However, I'm going to leave this open in hopes that some kind soul will come and tell us what is happening here.

Azolo avatar Jan 23 '18 05:01 Azolo

@Azolo while trying to find a resolution for my issues I found this:

https://bugs.erlang.org/browse/ERL-538

looks like otp 21 works ?

spunkedy avatar Jul 08 '18 23:07 spunkedy