aantron
Handshake error when querying medium over HTTPS
When running the following request:
let () =
let _ =
Lwt_main.run @@ Hyper.get "https://medium.com:443/feed/ahrefs/tagged/ocaml"
in
()
I'm seeing the following error:
Fatal error: exception SSL connection() error: error:0A000410:SSL routines::sslv3 alert handshake failure
I don't reproduce this error in any other domain and RSS feeds I've tried to query.
Comparing the error message and this line:
https://github.com/aantron/hyper/blob/a16193c5369d379772765b549a393090d639373e/src/http/connect.ml#L72
I suspect, without confirming, that Hyper is not allowing SSL to negotiate SSLv3 with medium.com. It looks like SSLv3 is widely considered obsolete, but it should probably be an option to enable it. Also, there is the possiblity that there are other bugs in Hyper and/or ocaml-ssl that cause medium.com to try SSLv3.
Similar error with gitlab.com:
utop # Hyper.get ~headers:["Host", "gitlab.com"] "https://gitlab.com:443/";;
Exception:
SSL connection() error: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
I've tried to use SSLv23 which according to ocaml-ssl interface file means "try everything" and the error didn't go away.
In case it's useful, I hit the same thing with the github API:
# Hyper.get "https://api.github.com/zen";;
Exception: SSL connection() error: error:00000000:lib(0):func(0):reason(0)
