Random OpenSSL / Headers parsing error about http HOT 13 CLOSED

I opened up this https://community.shopify.com/c/technical-q-a/rest-api-random-ssl-errors-and-header-parsing/m-p/1789546#M108546

from http.

Yeah, as I said earlier this seems like a low-level OpenSSL error.

It's kind of surprising you're encountering this with Shopify though, since they're heavy Ruby users.

I'd suggest continuing to pursue it with them, especially if you can reproduce it across multiple HTTP clients.

from http.

A “TLS write client hello” error indicates the remote end is closing the socket before the client has finished sending the very first message in the TLS handshake.

This a low-level error originating in OpenSSL that can have a multitude of causes, everything from network errors to incompatible TLS configurations between client and server.

Is it sporadic? Is there an accompanying error on the server side you can share?

from http.

A “TLS write client hello” error indicates the remote end is closing the socket before the client has finished sending the very first message in the TLS handshake.

This a low-level error originating in OpenSSL that can have a multitude of causes, everything from network errors to incompatible TLS configurations between client and server.

Is it sporadic? Is there an accompanying error on the server side you can share?

Yes it is sporadic / random. Both exceptions are. I wish I could provide more information. All I have is the error shown above. There is no log on the Shopify side. All I can tell is that it's mostly while fetching the products (it's paginated so pulling all of them can take a lot of calls) https://shopify.dev/api/admin-rest/2022-07/resources/product#get-products

Edit: I might add: Our platform uses 2021-01 API version. It's on our todo list to update

from http.

The first error is happening inside OpenSSL long before any HTTP interaction takes place.

I’m not sure why it would be working with HTTParty, which is just a Net::HTTP wrapper last I checked. Perhaps it has a different OpenSSL configuration?

from http.

The first error is happening inside OpenSSL long before any HTTP interaction takes place.

I’m not sure why it would be working with HTTParty, which is just a Net::HTTP wrapper last I checked. Perhaps it has a different OpenSSL configuration?

I admit the comparison between llhttp and Net::HTTP is above my knowledge, I wouldn't know. All I can tell is when it comes to gem usage, I did not customize anything more than you see on the screenshot above. I believe it is safe to say i'm using the default settings when it comes to HTTP.rb and HTTParty

from http.

Again, in the case of the first error, it’s occurring inside the Ruby OpenSSL extension, used by both libraries. The HTTP parser is irrelevant in that case.

from http.

Again, in the case of the first error, it’s occurring inside the Ruby OpenSSL extension, used by both libraries. The HTTP parser is irrelevant in that case.

Right. Then I wouldn't know because the only change I have done is the gem replacement and the diff is in the first post

from http.

If you can ask someone what the server-side TLS configuration is, that might be helpful

from http.

If you can ask someone what the server-side TLS configuration is, that might be helpful

I could try asking in their forum https://community.shopify.com/c/shopify-community/ct-p/en

Is there something more specific you want me to ask?

from http.

What TLS versions and ciphersuites are supported, and ideally the client-side configuration they would prefer.

As far as I can tell this is a server-side issue, although it may be impacted by the local client-side TLS configuration.

If you can report this issue upstream somewhere, that'd be great.

from http.

What TLS versions and ciphersuites are supported, and ideally the client-side configuration they would prefer.

As far as I can tell this is a server-side issue, although it may be impacted by the local client-side TLS configuration.

If you can report this issue upstream somewhere, that'd be great.

We started to get randomly the same error again but this time with HTTParty

OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 peeraddr=23.227.38.74:443 state=SSLv3/TLS write client hello
/app/vendor/bundle/ruby/3.1.0/gems/net-protocol-0.1.3/lib/net/protocol.rb:46:in `connect_nonblock'
/app/vendor/bundle/ruby/3.1.0/gems/net-protocol-0.1.3/lib/net/protocol.rb:46:in `ssl_socket_connect'
/app/vendor/ruby-3.1.0/lib/ruby/3.1.0/net/http.rb:1048:in `connect'
/app/vendor/ruby-3.1.0/lib/ruby/3.1.0/net/http.rb:976:in `do_start'
/app/vendor/ruby-3.1.0/lib/ruby/3.1.0/net/http.rb:965:in `start'
/app/vendor/ruby-3.1.0/lib/ruby/3.1.0/net/http.rb:1530:in `request'
/app/vendor/bundle/ruby/3.1.0/gems/httparty-0.20.0/lib/httparty/request.rb:152:in `perform'
/app/vendor/bundle/ruby/3.1.0/gems/httparty-0.20.0/lib/httparty.rb:613:in `perform_request'
/app/vendor/bundle/ruby/3.1.0/gems/httparty-0.20.0/lib/httparty.rb:527:in `get'
/app/vendor/bundle/ruby/3.1.0/gems/httparty-0.20.0/lib/httparty.rb:646:in `get'
/app/lib/shopify/api.rb:65:in `next_page'
/app/lib/shopify/api.rb:59:in `get_paginated'
/app/lib/shopify/product.rb:8:in `list'

I guess we can close the issue since it ain't gem specific. However I wish there was something we could have done

from http.