Core: SSL handshake failed

Created on 20 Jul 2018  ·  43 Comments  ·  Source: home-assistant/core

Home Assistant release with the issue:

0.74.0

Last working Home Assistant release (if known):
0.72.0

Operating environment (Hass.io/Docker/Windows/etc.):

Hassio NUC

Component/platform:

Core

Description of problem:
There are a lot of errors on SSL handshake, from the uvloop/sslproto.pyx file.

Problem-relevant configuration.yaml entries and (fill out even if it seems unimportant):

N/A

Traceback (if applicable):

2018-07-20 12:29:27 ERROR (MainThread) [homeassistant.core] Timer got out of sync. Resetting
2018-07-20 12:53:34 ERROR (SyncWorker_5) [pychromecast.socket_client] Failed to connect, retrying in 5.0s
2018-07-20 12:56:26 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 593, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:841)
2018-07-20 12:56:26 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: UNKNOWN_PROTOCOL
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 497, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:841)

Additional information:

All 43 comments

I am also facing this issue on 0.73.2

@JamRWS6 please upgrade first. #15546 is in 0.74 and is supposed to fix some SSL issues.

Hi @awarecan, I'm using 0.74.0, I'm still having this issue.

@matisaul, you need to provide more information about it: which components cause this? Is HA the server or the client in this connection?

I'm having the same issue. Looks like it's due to DuckDNS (specifically LetsEncrypt)... For some reason it won't authenticate using SSL.

To locally use HASS, I had to remove the following code from the configuration.yaml file under HTTP:
base_url: https://yourhomeassistant.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

Same. But mine seems to be failing on the call from OpenWRT (using openwrt_hass_devicetracker) to HA.
Here is the OpenWRT error:

Sat Jul 21 14:56:34 2018 user.debug /usr/lib/hass/push_event.sh: post {"mac":"secret-mac","host_name":"","consider_home":"12:00","source_type":"router"}
Sat Jul 21 14:56:34 2018 user.err /usr/lib/hass/push_event.sh: post response curl: (52) Empty reply from server

and the HA config error:

2018-07-21 05:09:52 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 593, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-07-21 05:09:52 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 497, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-07-21 05:10:00 ERROR (MainThread) [homeassistant.components.updater] Got unexpected response: {'errorMessage': 'RequestId: 51273883-8ca4-11e8-b19e-f1e0256b876f Process exited before completing request'}
2018-07-21 05:10:04 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 593, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-07-21 05:10:04 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 497, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

Have the same errors:

Log Details (ERROR)
Sun Jul 22 2018 21:20:24 GMT+0300 (Москва, стандартное время)

Error doing job: SSL error errno:1 reason: UNKNOWN_PROTOCOL
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 497, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:841)

Home Assistant 0.74.0
Hostname | hassio
System | HassOS 1.7
Deployment | production
Raspberry Pi 3 Model B

I've just filed https://github.com/home-assistant/home-assistant/issues/15642 which looks like a duplicate of this issue.

@cnschulz can you try to update your OpenWRT or at least its curl package to latest version?

I too have this issue - using OpenWRT/LEDE in the latest version for my device: LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-17.290.79498-d3f0685)
Home Assistant 0.74.0
Hostname | hassio
System | HassOS 1.7
Deployment | production
Raspberry Pi 3 Model B

Seeing a lot of these errors in hassos.

Tue Jul 24 2018 01:52:32 GMT-0500 (Central Daylight Time)

Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 497, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

Also seeing it in hassOS:

Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:841)
2018-07-26 09:18:32 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: NO_SHARED_CIPHER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:841)

Same errors filling up the logs.

Same here :)

I’m getting the same errors on hass.io 0.74.2

Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)
Error doing job: SSL error errno:1 reason: WRONG_VERSION_NUMBER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)

+1

I am seeing similar issue being reported in HASSOS (v1.9) w/HA 0.75.1

Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

Seeing the same thing with 0.75.2, using the Docker version.

ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:841)
2018-08-06 15:33:49 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: NO_SHARED_CIPHER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()

I get the same trying to set up home assistant control panel

Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request

Well, my issue was due to the fact that I missed a cors_allowed_origins stanza in the configuration.yaml. Once I put in
cors_allowed_origins:
- http://hassio.xxxxx.tld:7080
- http://hassio.local:7080

(and did a full reboot just for the fun of it)

I had no issues in home assistant control panel anymore

I'm also seeing this issue after setting up lets encrypt / duckdns on latest hassio.

I am having this issue, I am running hass.io 32 bit Home Assistant 0.75.2 and I only have duckdns, ssh server and configurator installed.

Log Details (ERROR)
Wed Aug 08 2018 11:00:08 GMT-0400 (Eastern Daylight Time)

Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

I'm receiving a ton of similar errors running 0.75.2. Not sure if it's the same issue based on reason:

Error doing job: SSL error errno:1 reason: TLSV1_ALERT_DECRYPT_ERROR
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_DECRYPT_ERROR] tlsv1 alert decrypt error (_ssl.c:841)

I'm running hassio 0.75.1
Have the same issue

2018-08-09 12:23:44 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-08-09 12:23:44 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

Same here. This has been the most depressing and frustrating update. 75.1.

2018-08-08 23:23:05 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)
2018-08-08 23:23:05 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: WRONG_VERSION_NUMBER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()

@dukeofmuffins fix it or add value towards a solution. Do not just Trump it with adjectives and negativity...

@bvansambeek I am +1'ing the issue for developer reference (see everyone's comments before me). Apologies that my disappointment offended you. If I could fix it or had any idea where the issue originated from I would speak up. I love hass but I think saying this problem bummed me out is fair. They certainly don't owe me or anyone anything, but it's normal to be frazzled about a mysterious and sudden problem like this.

Just bumped up to 75.2, no change either. I'll keep poking around for now.

I'm not sure if this is the right place to post, I am new so point me in another direction if I am incorrect...
75.3 on ResinOS, pretty much the same since 75.1 & 75.2 updates.
Local connections only since 74.2
Tried new Duckdns token and uninstalled/reinstalled duckdns, no changes, logs about the same:

System log
   File "/usr/local/lib/python3.7/site-packages/aiohttp/http_websocket.py", line 621, in ping
    return await self._send_frame(message, WSMsgType.PING)
  File "/usr/local/lib/python3.7/site-packages/aiohttp/http_websocket.py", line 603, in _send_frame
    self.transport.write(header + message)
  File "uvloop/handles/stream.pyx", line 671, in uvloop.loop.UVStream.write
  File "uvloop/handles/handle.pyx", line 159, in uvloop.loop.UVHandle._ensure_alive
RuntimeError: unable to perform operation on <TCPTransport closed=True reading=False 0x74ca29e0>; the handler is closed
18-08-10 02:36:54 ERROR (MainThread) [asyncio] Task exception was never retrieved
future: <Task finished coro=<WebSocketWriter.ping() done, defined at /usr/local/lib/python3.7/site-packages/aiohttp/http_websocket.py:617> exception=RuntimeError('unable to perform operation on <TCPTransport closed=True reading=False 0x74ca27f0>; the handler is closed')>
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/aiohttp/http_websocket.py", line 621, in ping
    return await self._send_frame(message, WSMsgType.PING)
  File "/usr/local/lib/python3.7/site-packages/aiohttp/http_websocket.py", line 603, in _send_frame
    self.transport.write(header + message)
  File "uvloop/handles/stream.pyx", line 671, in uvloop.loop.UVStream.write
  File "uvloop/handles/handle.pyx", line 159, in uvloop.loop.UVHandle._ensure_alive
RuntimeError: unable to perform operation on <TCPTransport closed=True reading=False 0x74ca27f0>; the handler is closed

Experiencing the same with hass.io 0.75.3 - not using DuckDNS, but AM using Let's Encrypt and just got moved over to SSL yesterday (migrating from an old AIO install) which is when these messages started.

2018-08-10 10:11:45 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)
2018-08-10 10:11:45 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: WRONG_VERSION_NUMBER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)
2018-08-10 10:11:47 ERROR (MainThread) [homeassistant.core] Error doing job: Task was destroyed but it is pending!
2018-08-10 10:12:16 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:841)
2018-08-10 10:12:16 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: NO_SHARED_CIPHER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:841)
2018-08-10 10:12:18 ERROR (MainThread) [homeassistant.core] Error doing job: Task was destroyed but it is pending!

Hi All,

The issue here is that HASS is using the "Modern Compatibility" mode, and it looks like whatever you are connecting to it doesn't support the Modern cyphers.

For reference: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

I've asked @balloob to perhaps create a selector option.

I'm not following @chriskacerguis . I'm using the latest firefox and the DuckDNS addon with Let'sEncrypt. Does your statement mean that at least one of those doesn't support Modern cyphers?

Same confusion here. After reading the reference, I am on latest Chrome and up to date on all versions except HassOS.


Read the referenced issue, #15538 . If I understood it correctly, that's what is happening. Some integrations are not using Modern cyphers. Let's Encrypt is using Mozilla’s “intermediate compatibility” cipher suite configuration, while HA is using the Modern cyphers.

Is the problem solved?
I configured my remote access today and I am getting these errors.
Running Hass 0.75.2
access through Chrome and IOS app.
access via Wifi and 4G is possible
Is there already a solution?
my config:

configuration.yaml

http:
   api_password: !secret http_password
   base_url: https://my_url.duckdns.org:8123
   ssl_certificate: /ssl/fullchain.pem
   ssl_key: /ssl/privkey.pem

duckdns Addon

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "my_token",
  "domains": [
    "my_url.duckdns.org"
  ],
  "seconds": 300
}
Error doing job: SSL error errno:1 reason: HTTP_REQUEST
17:18 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)
Error doing job: SSL handshake failed
17:18 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)
Error doing job: Task was destroyed but it is pending!
17:18 core.py (ERROR)
Error doing job: Task was destroyed but it is pending!
17:18 core.py (ERROR)
Error doing job: Task was destroyed but it is pending!
17:18 core.py (ERROR)
Error doing job: SSL error errno:1 reason: HTTP_REQUEST
17:17 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)
Error doing job: SSL handshake failed
17:17 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)
Error doing job: SSL error errno:1 reason: HTTP_REQUEST
17:17 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)
Error doing job: SSL handshake failed
17:17 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)
Error doing job: SSL error errno:1 reason: HTTP_REQUEST
17:17 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)
Error doing job: SSL handshake failed
17:17 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)
Error doing job: Task was destroyed but it is pending!
17:17 core.py (ERROR)
Error doing job: Task was destroyed but it is pending!

If I understand this correctly, and Let's Encrypt _will not_ work with HA's Modern cyphers, where can a list, post, thread, blog, etc... be found for a viable/alternative outside connection solution? Again, I am apologetically a newbie, but I am learning as fast as I can and any direction is greatly appreciated. I can no longer set my Konnected alarm as I have no remote way to disarm or silence siren if triggered while I am away. Thanks

@Dino-Tech I am in the same boat trying to get konnected up and going. I spoke with the owner over at konnected and he suggested the following. I have tried to implement these changes but only seem to have more issues when I do so. If you can get this going please let me know. I tend to agree with him here that the de facto setup of duckdns and lets encrypt is not actually the smartest way to set up hass but I think everyone is so ingrained with it that changing to other options can be kind of hard.

The LetsEncrypt certs can cause the WiFi module to run out of memory when trying to do the SSL handshake. See: Using Konnected with Hass.io and SSL/TLS

To work around this, use the NGINX SSL proxy:
https://www.home-assistant.io/addons/nginx_proxy/

You will need to REMOVE the ssl_certificate, ssl_key, and base_url config variables from the HTTP section of your configuration.yaml. Also REMOVE api_host from the Konnected section. Install the NGINX proxy add-on and set "domain" to your DuckDNS domain.

By default the NGINX proxy exposes port 443 securely to your DuckDNS domain, and proxies internally to port 8123. Restart Hass and Konnected should start communicating locally to Hass over HTTP port 8123, avoiding the certificate issue.

According to a conversation with @balloob on reddit, the Let's Encrypt stand alone hass.io add on isn't affected "as that is done inside the add-on and via SMS challenge, so let's encrypt doesn't make a request to Home Assistant at all". I'm now thinking that my errors, while similar, were actually related to another integration, possibly Automatic.

They seem to have stopped completely but if they come back I'm going to comment out my third party integrations and see if I can determine the offender. Again, according to @balloob it isn't that straightforward to add logic to the errors "because of the handshake failure, the client never tells us what path it wants to reach." So the old "comment out half, run, then if no errors comment the other half" procedure may be the only way to help track down the issue.

SMS challenge should be DNS challenge. Auto-correct typo. Home Assistant 0.76 will also include an option to change the SSL profile. I would still recommend to ask Automatic support (or whatever integration is the offending one) to fix their security.
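
Since a failed handshake never reveals the requested path, the OpenSSL reason code is the main clue these logs carry. The following triage script is an added example, not part of the thread or of Home Assistant: it collapses each "handshake failed" / "SSL error" pair into one failed connection and groups them by reason. The sample log is constructed in the format shown in the thread, and the function names, the cause descriptions and the suggested checks are assumptions of this example.

```python
import re
from collections import Counter

# Reason codes that appear in this thread, with what each says about the
# bytes the peer sent. The "next check" text is a suggestion added here.
REASONS = {
    "HTTP_REQUEST": (
        "peer sent a plaintext HTTP request to the TLS port",
        "look for a client or script still calling http:// instead of https://"),
    "NO_SHARED_CIPHER": (
        "no cipher suite offered by the client is enabled on the server",
        "compare the client's TLS library with the server's ssl_profile"),
    "WRONG_VERSION_NUMBER": (
        "record header carries a version the server does not accept, often non-TLS traffic",
        "identify which client reaches the port without TLS or with an old TLS stack"),
    "UNKNOWN_PROTOCOL": (
        "first bytes were not a recognised SSL/TLS ClientHello",
        "identify which client reaches the port without TLS or with an old TLS stack"),
    "TLSV1_ALERT_DECRYPT_ERROR": (
        "peer aborted the handshake with a decrypt_error alert",
        "check the client's TLS stack and the certificate/key pair in use"),
}

# Record header, with or without the timestamp/logger prefix (both forms are pasted in the thread).
HEADER = re.compile(
    r"^(?:(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ERROR \(\w+\) \[[\w.]+\] )?"
    r"Error doing job: SSL (?:handshake failed|error errno:\d+ reason: (?P<reason>\w+))$")
# Final traceback line, used when the header itself carries no reason.
EXC = re.compile(r"^ssl\.SSLError: \[SSL: (?P<reason>\w+)\]")


def parse_failures(log_text):
    """Return one (timestamp, reason) tuple per failed connection."""
    records = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            records.append({"ts": m["ts"], "reason": m["reason"]})
            continue
        m = EXC.match(line)
        if m and records and records[-1]["reason"] is None:
            records[-1]["reason"] = m["reason"]
    failures = []
    for rec in records:
        key = (rec["ts"], rec["reason"] or "UNSPECIFIED")
        # Each failed connection is logged twice; adjacent identical records
        # are merged (heuristic: two real failures in one second also merge).
        if not failures or failures[-1] != key:
            failures.append(key)
    return failures


def triage(log_text):
    """Return (reason, count, likely cause, next check), most frequent first."""
    counts = Counter(reason for _, reason in parse_failures(log_text))
    unknown = ("reason not covered by this table", "inspect the traceback manually")
    return [(reason, n, *REASONS.get(reason, unknown))
            for reason, n in counts.most_common()]


# Constructed sample in the thread's log format (tracebacks shortened).
SAMPLE_LOG = """\
2018-07-21 05:09:52 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-07-21 05:09:52 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-07-21 05:10:04 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-07-21 05:10:04 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
2018-08-10 10:12:16 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:841)
2018-08-10 10:12:16 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: NO_SHARED_CIPHER
Error doing job: SSL error errno:1 reason: WRONG_VERSION_NUMBER
"""

if __name__ == "__main__":
    for reason, n, cause, check in triage(SAMPLE_LOG):
        print(f"{n:3d}  {reason}: {cause}; next: {check}")
```
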

Will advise if it turns out to be the culprit. Sorry I cut and pasted the error without fixing it - I did understand what you meant.

For what it's worth, I'm getting SSL errors on the latest hass.io as well

I performed the following tests with version 0.76.1:
1) fresh installation on a raspberry pi 3 (virtual environment). Everything is perfect with let's encrypt certificates. The only external service that makes calls is the integration of google home. No SSL handshake, everything is ok.
2) fresh installation of a docker on qnap with the use of the same let's encrypt certificates and the only integration of google home. As soon as the google home integration calls begin to arrive, there is a problem with SSL Handshake. I tried the three options for ssl_profile (modern, intermediate, old), with the first two I have the problem of Handshake, with the third one SSL does not work.

The tests were performed with identical configurations (the only change is the redirect of port 443 to a different internal ip)

I do not know why in the virtual environment on raspberry there is no problem, while in the official docker on Qnap there is the problem of the SSL Handshake.

I hope this experience gives some clues to the developers

I seem to be running into the same issue on my setup:
Hardware: Odroid C2
HassOS: 2.2
Hass.io Supervisor: 128
HA version: 0.77.1

I got the ssl certificate using the letsencrypt add-on (not duckdns) and I use it on a static wan IP address and a fixed subdomain.

I notice these errors in the log:

Error doing job: SSL error errno:1 reason: NO_SHARED_CIPHER
17:51 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)
Error doing job: SSL handshake failed
17:51 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)
Error doing job: SSL error errno:1 reason: WRONG_VERSION_NUMBER
17:51 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)
Error doing job: SSL handshake failed
17:51 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)