Topic on Talk:Parsoid

parsoid doesn't like tls 1.3

3 comments 16:18, 1 July 2020 3 years ago
3
Summary by Arlolra

nodejs 10.19 deb in ubuntu 20.04 doesn't know about tls v1.3 yet

188.102.29.119 (talkcontribs)

mediawiki 1.34.2 / parsoid 0.11.0all from the mw-repo on ubuntu 20.04, served by apache. apache redirects all non-https-requests to https, with

sslprotocol             all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2

in the apache configuration i'm getting an

"Error loading data from server: apierror-visualeditor-docserver-http-error: http-bad-status. Would you like to retry?" error msg when trying to use visualeditor. in the logs:

{"name":"parsoid","hostname":"whatever","pid":483060,"level":60,"logType":"fatal/request","wiki":"wiki$0","title":"whatever", "oldId":null,"reqId":"d960f833d976986e93c7afeb","userAgent":"VisualEditor-MediaWiki/1.34.2","msg":"Template Fetch failure for \"whatever\": Error: write EPROTO 140430689695552:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1543:SSL alert number 70\n","stack":"Error: Template Fetch failure for \"whatever\": Error: write EPROTO 140430689695552:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1543:SSL alert number 70\n\n    at TemplateRequest.ApiRequest._requestCB (/usr/lib/parsoid/src/lib/mw/ApiRequest.js:414:15)\n    at Request.request [as _callback] (/usr/lib/parsoid/src/lib/mw/ApiRequest.js:332:35)\n    at self.callback (/usr/lib/parsoid/node_modules/request/request.js:185:22)\n    at Request.emit (events.js:198:13)\n    at Request.onRequestError (/usr/lib/parsoid/node_modules/request/request.js:877:8)\n    at ClientRequest.emit (events.js:203:15)\n    at TLSSocket.socketErrorListener (_http_client.js:401:9)\n    at TLSSocket.emit (events.js:198:13)\n    at errorOrDestroy (internal/streams/destroy.js:107:12)\n    at onwriteError (_stream_writable.js:436:5)\n    at onwrite (_stream_writable.js:461:5)\n    at _destroy (internal/streams/destroy.js:49:7)\n    at TLSSocket.Socket._destroy (net.js:614:3)\n    at TLSSocket.destroy (internal/streams/destroy.js:37:8)\n    at WriteWrap.afterWrite [as oncomplete] (net.js:791:10)","longMsg":"Template Fetch failure for \"whatever\": Error: write EPROTO 140430689695552:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1543:SSL alert number 70\n","levelPath":"fatal/request","time":"2020-07-01T15:11:18.900Z","v":0}

… removing -TLSv1.2 from the sslprotocol-config causes it to work as expected.

15:29, 1 July 2020 3 years ago
188.102.29.119 (talkcontribs)

… not really parsoids fault, the nodejs 10.19 deb in ubuntu 20.04 doesn't know about tls v1.3 yet:

15:58, 1 July 2020 3 years ago
188.102.29.119 (talkcontribs)

root@mediawiki:~# grep -i tlsv1. nodejs-10.19.0~dfsg/lib/_tls_common.js

  if (v === 'TLSv1') return TLS1_VERSION;

  if (v === 'TLSv1.1') return TLS1_1_VERSION;

  if (v === 'TLSv1.2') return TLS1_2_VERSION;

root@mediawiki:~#

16:01, 1 July 2020 3 years ago
Retrieved from "https://www.mediawiki.org/wiki/Topic:Vpbnlvejsem6jwf3"