Problems with HTTPS calls going through Cloudflare


(Iain Edminster) #1

Hello,
I’m hoping someone can confirm or offer advice for an issue I am having. The issue seems to be with sending requests to an HTTPS endpoint that is going through Cloudflare. I’ve tried using both the synchronous and asynchronous API methods but I keep getting an SSL exception:

javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters

Once I start sending it to the same endpoint with only HTTP (no longer going through Cloudflare), it works just fine. This seems like a recent issue (within the last month or so). Has anyone else run into this issue and is there anything I can do besides sending insecure requests?


(Mark C) #2

Yes, tell me about it, I've been looking into this for a good month. I'd suggest getting in touch with Cloudflare (or the provider using them) and highlight this issue.
See these for the history


(Mark C) #3

This is the problem, but it makes no sense to me

It looks like Cloudflare would use an ECDHE cipher with Java 7, but the EC cipher suites aren’t supported by default on OpenJDK 7 (at least as packaged by Debian and Ubuntu). Compare https://packages.ubuntu.com/trusty/amd64/openjdk-7-jre-headless/filelist (no libsunec.so or sunec.jar) vs https://packages.ubuntu.com/xenial/amd64/openjdk-8-jre-headless/filelist (the openjdk8 used by Travis actually comes from https://launchpad.net/~openjdk-r/+archive/ubuntu/ppa, but I suppose it contains SunEC).
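
The explanation quoted in this post can be checked directly on a JVM of the version in question. The following diagnostic is an added example, not code from the thread or from any participant; it assumes you can run it on a JVM you control (it will not run inside a hosted app sandbox), and the curve names `secp256r1` and `secp384r1` are assumed test values.

```java
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import javax.net.ssl.SSLContext;

// Added diagnostic (not from the thread): reports whether this JVM can perform
// the EC operations that ECDHE cipher suites need. Compiles on Java 7.
public class EcSupportCheck {

    // Names of the providers registered for a service such as "KeyAgreement.ECDH".
    static String providersFor(String service) {
        Provider[] found = Security.getProviders(service); // null when none match
        if (found == null) return "(none)";
        StringBuilder sb = new StringBuilder();
        for (Provider p : found) sb.append(p.getName()).append(' ');
        return sb.toString().trim();
    }

    // Generate a key pair on a named curve; returns null on success, else the error.
    static String tryCurve(String curve) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
            kpg.initialize(new ECGenParameterSpec(curve));
            kpg.generateKeyPair();
            return null;
        } catch (Exception e) { // also catches the unchecked ProviderException
            return e.toString();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("KeyPairGenerator.EC providers: " + providersFor("KeyPairGenerator.EC"));
        System.out.println("KeyAgreement.ECDH providers:   " + providersFor("KeyAgreement.ECDH"));

        // Assumed test curves; pass other curve names as arguments to override.
        String[] curves = args.length > 0 ? args : new String[] {"secp256r1", "secp384r1"};
        for (String c : curves) {
            String err = tryCurve(c);
            System.out.println("curve " + c + ": " + (err == null ? "OK" : "FAILED " + err));
        }

        // ECDHE suites the default TLS context offers in its ClientHello.
        int ecdhe = 0;
        for (String s : SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites()) {
            if (s.contains("_ECDHE_")) { ecdhe++; System.out.println("offered: " + s); }
        }
        System.out.println(ecdhe + " ECDHE suite(s) enabled by default");
    }
}
```

A JVM that offers ECDHE suites but reports a failure for the curve test is in the state where a handshake can negotiate a suite it cannot complete.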


(Mark C) #4

Fixed, see this


(ilker Aktuna) #5

@mark_cockcroft,
Thanks for the solution, but it did not work for me.
You just add the parameter as below in the http post, correct?
tlsVersion: "TLSv1.1",

when I add this I get the following error:

11149956-f172-4865-9bce-ab5054c8a66a 8:48:32 AM: error java.util.concurrent.TimeoutException: Execution time exceeded 20 app execution seconds: 376710692854852 @line -1 (doCall)
11149956-f172-4865-9bce-ab5054c8a66a 8:48:22 AM: error javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error @line 1713 (genGraph)

In addition to the EC parameters error, now I have the execution timeout error.
How did you solve it?


(Mark C) #6

This is my code:

    def paramsLogin = [
        uri: apiURL(path),
        headers: apiRequestHeaders(),
        tlsVersion: "TLSv1.1",
        body: body
    ]
    //log.debug "message details '$paramsLogin'"
    httpPost(paramsLogin) { responseLogin ->
        // ... response handling not shown in the post
    }

It's its own command in the message, not in the body or header:

    def podParams = [
        uri: "https://chart.googleapis.com",
        tlsVersion: "TLSv1.1",
        //uri: "https://image-charts.com",
        path: "/chart",
        query: [cht: "lc", chd: dl, chs: "400x250", chof: "gif", chxt: "x,y", chxl: "0:|-12hr|-8hr|-4hr|now", chco: "00FF00,0000FF", chtt: "Traffic", chts: "AAAAAA,15", chxr: "0,0,192,1|1,0," + maxx + "," + aralik, ],
        contentType: 'image/gif'
    ]


(ilker Aktuna) #7

what do you mean ?
what is different from my usage ?


(Mark C) #8

If this is your code:

    def podParams = [
        uri: "https://chart.googleapis.com",
        tlsVersion: "TLSv1.1",
        //uri: "https://image-charts.com",
        path: "/chart",
        query: [cht: "lc", chd: dl, chs: "400x250", chof: "gif", chxt: "x,y", chxl: "0:|-12hr|-8hr|-4hr|now", chco: "00FF00,0000FF", chtt: "Traffic", chts: "AAAAAA,15", chxr: "0,0,192,1|1,0," + maxx + "," + aralik, ],
        contentType: 'image/gif'
    ]

or try "TLSv1.2"


(ilker Aktuna) #9

I already tried that way. but does not work.
tried now also with 1.2
no change.


(Mark C) #10

What's your line 1 (doCall)?
It looks like there is something else earlier on in the code.


(Mark C) #11

Put a log.debug line in just before your httpPost line and see what comes up in the live logging:

    log.debug " podParams = $podParams"


(ilker Aktuna) #12

at line 1 there’s nothing , just the metadata (start of DTH)

with the log command you suggested I get :

podParams = [uri:https://image-charts.com, path:/chart, tlsVersion:TLSv1.1, contentType:image/gif, query:[cht:lc, chd:t:0.2962962960,0.3809523810,0.1904761900,0.4444444440,0.3333333330,0.2222222220,0.2962962960,0.3809523810,0.3333333330,0.3809523810,0.3333333330,0.3809523810,0.2222222220,0.3809523810,0.2222222220,0.3809523810,0.4444444440,0.3333333330,0.3333333330,0.3809523810,0.3555555560,0.3809523810,0.750,0.3809523810,0.3809523810,0.40,0.3333333330,0.3333333330,0.2962962960,0.4444444440,0.6666666670,0.4444444440,0.1904761900,0.4102564100,0.3333333330,0.4444444440,0.2222222220,0.2962962960,0.3333333330,0.3333333330,0.4444444440,1.3333333330,0.3333333330,2.6666666670,1.0666666670,1.5555555560,1.3333333330,1.5238095240,3.1111111110,1.9487179490,1.1111111110,3.5833333330,8.80,16.5714285710,7.4285714290,5.2222222220,2.4444444440,13.6296296300,4.6666666670,0.4444444440,1.1666666670,0.7407407410,0.5714285710,0.4444444440,0.5714285710,1.9047619050,7.4074074070,2.4242424240,11.7777777780,2.6666666670,4.2424242420,3.0476190480,1.6666666670,1.9047619050,2.0740740740,0.8571428570,0.750,0.2222222220,0.6666666670,0.1904761900,0.2424242420,0.4444444440,3.8787878790,6.2222222220,0.1904761900,0.1481481480,0.3333333330,0.1666666670,0.1904761900,0.1666666670,0.1333333330,0.1666666670,0.1666666670,0.3333333330,0.1904761900,0,0.1904761900,0.4444444440,0.3333333330,0.2222222220,0.2222222220,0.3333333330,4.50,317.4814814810,79.1666666670,65.0,14.5185185190,1.1851851850,1.1428571430,1.1428571430,1.3333333330,1.1428571430,1.1666666670,0.9523809520,1.1666666670,1.0,1.0909090910,233.1666666670,542.8888888890,529.7777777780,303.2592592590,0.9333333330,1.1428571430,0.9523809520,1.1111111110,1.0370370370,1.0909090910,1.0370370370,1.1428571430,1.3333333330,1.1666666670,0.8333333330,1.0370370370,1.1111111110,0.9523809520,0.8888888890,1.0,1.1428571430,2.3703703700,1.0,1.1111111110,1.1666666670,0.9629629630,1.3333333330,1.1111111110,1.1428571430,1.1111111110,0.6666666670,0.1904761900,0.1666666670
,0.1904761900,0.2666666670,0.2222222220,0.19047…[TRUNCATED]


(Mark C) #13

Try this just to check. What are you using, chart.googleapis.com or https://image-charts.com?

    def podParams = [
        uri: "https://chart.googleapis.com/chart",
        tlsVersion: "TLSv1.1",
        //uri: "https://image-charts.com/chart",
        //**path: "/chart",
        query: [cht: "lc", chd: dl, chs: "400x250", chof: "gif", chxt: "x,y", chxl: "0:|-12hr|-8hr|-4hr|now", chco: "00FF00,0000FF", chtt: "Traffic", chts: "AAAAAA,15", chxr: "0,0,192,1|1,0," + maxx + "," + aralik, ],
        contentType: 'image/gif'
    ]


(ilker Aktuna) #14

what do you mean ?
replace image-charts with googleapis ?


(Mark C) #15

No, comment out the path line
and add the path to the end of the URL:

    uri: "https://image-charts.com/chart",


(ilker Aktuna) #16

ok. here’s the new debug output. (I made the query shorter to test but same result):

podParams = [uri:https://image-charts.com/chart, tlsVersion:TLSv1.1, contentType:image/gif, query:[cht:lc, chd:t:0.1481481480,0.1333333330,0.2424242420,0.1904761900,17.7895335610,0.5714285710,1.1428571430,1.0864197530,2.8333333330,2.6666666670,2.1666666670,1.0666666670|0.2962962960,0.2666666670,0.3636363640,0.1904761900,6.3970420930,0.3809523810,0.7619047620,0.5925925930,0.6666666670,2.6666666670,0.6666666670,0.7111111110, chs:400x250, chof:png, chxt:x,y, chxl:0:|-24hr|-18hr|-12hr|-6hr|now, chco:00FF00,0000FF, chtt:Traffic, chts:AAAAAA,15, chxr:1,0,540,108.0]]


(Mark C) #17

You still getting the line 1 error?
Could try httpPost instead of get.


(ilker Aktuna) #18

I don’t get the “line 1 error” frequently. in fact for the last 10-15 times I did not get it.
trying httpPost instead of httpGet does not change the result. same “ec parameters” error


(ilker Aktuna) #19

any other ideas ?


(Mark C) #20

Can you post that section of code? Might be a misplaced ' or something.