Error in PubHttpClient.send (issue 12581) error: HandshakeException: Connection terminated during handshake

[DartBot]

This issue was originally filed by [email protected]

---

What steps will reproduce the problem?
pub get

What is the expected output? What do you see instead?
Need to install the dependencies

Error in PubHttpClient.send (issue #12581) error: HandshakeException: Connection terminated during handshake

What version of the product are you using? On what operating system?
Pub 0.8.5+1.r28990

[dgrove]

Added Area-Pub, Triaged labels.

[munificent]

Hey, Anders and Bill! I don't know much of anything about secure sockets. Do you have any ideas what could cause this?

---

cc @Skabet.
cc @whesse.

[sgjesse]

Couple of questions.

Is this a reoccurring or sporadic error?

Is there any stack trace available with the error?

The error "Connection terminated during handshake" says that the underlying socket connection was disconnected during the initial handshake. In this case it seems to be the server which closed the connection. Unless this is a communication issue it could be some protocol issue. An secure socket connection is typically silently closed by the server if the data coming from the client is not valid

[DartBot]

This comment was originally written by @stevehsu77

---

I got same problem. it seems that SSL library lose some ciphers.
please check this (http://stackoverflow.com/questions/20077732/httpclient-ssl-tls-problems-in-dart) for a snapshot of ssl handshake http package

[DartBot]

This comment was originally written by [email protected]

---

I am an NSS developer. I looked at the info in
http://stackoverflow.com/questions/20077732/httpclient-ssl-tls-problems-in-dart

It shows that Dart is using only the cipher suites enabled by NSS by default.
Dart should copy the following code from Chromium to enable strong cipher suites:
the NSSSSLInitSingleton() constructor in file net/socket/nss_ssl_util.cc
You can customize the criteria for enabling a cipher suite to meet Dart's needs.

Søren also emailed me the code Darts uses to initialize NSS. I suggest the
following changes:

• Search for SSL_ENABLE_TLS and SSL_ENABLE_SSL3 and remove the SSL_OptionSet*
    calls that use them. They have been replaced by SSL_VersionRangeSet.
• NSS supports TLS 1.2 now. So you can pass
        vrange.max = SSL_LIBRARY_VERSION_TLS_1_2
    to SSL_VersionRangeSet.

[DartBot]

This comment was originally written by [email protected]

---

I found that my previous comment may be a little unclear. I said:

  Dart should copy the following code from Chromium to enable
  strong cipher suites.

What I meant is:

  Dart should copy the following code from Chromium to enable
  more strong cipher suites.

[DartBot]

This comment was originally written by @stevehsu77

---

i found the code here
trunk/dart/runtime/bin/secure_socket.cc
(https://code.google.com/p/dart/codesearch#dart/trunk/dart/runtime/bin/secure_socket.cc&q=SSL_ENABLE_TLS&sq=package:dart&type=cs)

589: status = SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE);
590: if (status != SECSuccess) {
591: mutex_->Unlock(); // MutexLocker destructor not called when throwing.
592: ThrowPRException("TlsException",
593: "Failed SSL_OptionSetDefault enable TLS call.");

659: SSLVersionRange vrange;
660: vrange.min = SSL_LIBRARY_VERSION_3_0;
661: vrange.max = SSL_LIBRARY_VERSION_TLS_1_1;
662: SSL_VersionRangeSet(filter_, &vrange);

so how to enable more ciphers?

[whesse]

I can fix this, based on the help from wtc (thanks).

---

Set owner to @whesse.
Removed Priority-Unassigned, Area-Pub labels.
Added Priority-High, Area-IO, Accepted labels.

[DartBot]

This comment was originally written by @filiph

---

Just in case this helps in any way, I'm attaching pub --trace 'get' output. I had this error while in an airport, so there probably was something fishy with the network, if it worked at all. Nevertheless, it probably should've failed more gracefully.

======

Resolving dependencies...Error in PubHttpClient.send (issue #12581) error: HandshakeException: Handshake error in client (OS Error: Unable to communicate securely with peer: requested domain name does not match the server's certificate., errno = -12276)
    stacktrace: #­0 PubHttpClient.send (file:///Volumes/data/b/build/slave/dart-editor-mac-dev/build/dart/sdk/lib/_internal/pub/lib/src/http.dart:60)
#­1 BaseClient._sendUnstreamed.<anonymous closure> (package:http/src/base_client.dart:118)
#­2 _Future._propagateToListeners.<anonymous closure> (dart:async/future_impl.dart:453)
#­3 _rootRun (dart:async/zone.dart:683)
#­4 _RootZone.run (dart:async/zone.dart:823)
#­5 _Future._propagateToListeners (dart:async/future_impl.dart:445)
#­6 _Future._complete (dart:async/future_impl.dart:303)
#­7 _Future._asyncComplete.<anonymous closure> (dart:async/future_impl.dart:354)
#­8 _asyncRunCallback (dart:async/schedule_microtask.dart:18)
#­9 _createTimer.<anonymous closure> (dart:async-patch/timer_patch.dart:11)
#­10 _Timer._createTimerHandler._handleTimeout (timer_impl.dart:151)
#­11 _Timer._createTimerHandler.<anonymous closure> (timer_impl.dart:166)
#­12 _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:93)

Error in PubHttpClient.send (issue #12581) error: HandshakeException: Handshake error in client (OS Error: Unable to communicate securely with peer: requested domain name does not match the server's certificate., errno = -12276)
    stacktrace: #­0 PubHttpClient.send (file:///Volumes/data/b/build/slave/dart-editor-mac-dev/build/dart/sdk/lib/_internal/pub/lib/src/http.dart:60)
#­1 BaseClient._sendUnstreamed.<anonymous closure> (package:http/src/base_client.dart:118)
#­2 _Future._propagateToListeners.<anonymous closure> (dart:async/future_impl.dart:453)
#­3 _rootRun (dart:async/zone.dart:683)
#­4 _RootZone.run (dart:async/zone.dart:823)
#­5 _Future._propagateToListeners (dart:async/future_impl.dart:445)
#­6 _Future._complete (dart:async/future_impl.dart:303)
#­7 _Future._asyncComplete.<anonymous closure> (dart:async/future_impl.dart:354)
#­8 _asyncRunCallback (dart:async/schedule_microtask.dart:18)
#­9 _createTimer.<anonymous closure> (dart:async-patch/timer_patch.dart:11)
#­10 _Timer._createTimerHandler._handleTimeout (timer_impl.dart:151)
#­11 _Timer._createTimerHandler.<anonymous closure> (timer_impl.dart:166)
#­12 _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:93)

Handshake error in client

---- Log transcript ----
FINE: Pub 1.0.0+3.r30187
SLVR: Solving dependencies:
    | - polymer any from hosted (polymer)
IO : Get versions from https://pub.dartlang.org/api/packages/polymer.
FINE: HTTP GET https://pub.dartlang.org/api/packages/polymer
    | Accept: application/vnd.pub.v2+json
SLVR: Could not get versions for polymer any from hosted (polymer):
    | HandshakeException: Handshake error in client (OS Error: Unable to communicate securely with peer: requested domain name does not match the server's certificate., errno = -12276)
    |
    | null
IO : Get versions from https://pub.dartlang.org/api/packages/polymer.
FINE: HTTP GET https://pub.dartlang.org/api/packages/polymer
    | Accept: application/vnd.pub.v2+json
SLVR: BacktrackingSolver took 0:00:00.459606 seconds.
    | - Requested 2 version lists
    | - Looked up 0 cached version lists
    | - Requested 0 pubspecs
    | - Looked up 1 cached pubspecs
    |
MSG : Resolving dependencies...
FINE: Clean up system cache temp directory /Users/filiph/.pub-cache/_temp.
ERR : Handshake error in client

---- End log transcript ----

[nex3]

Issue #15286 has been merged into this issue.

[nex3]

Issue #14171 has been merged into this issue.

[whesse]

Added Started label.

[whesse]

This problem should be fixed in revision 30897, which adds more ciphers to SecureSocket. If this error shows up again, please file a new bug with area=Pub, and we'll track down the new cause.

---

Added Fixed label.

[kevmoo]

Removed Area-IO label.
Added Area-Library, library-io labels.