Cypress: 3.5.0 Error: write EPROTO 3343909432:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:../../third_party/boringssl/src/ssl/handshake_client.cc:569:

Created on 24 Oct 2019 · 63 Comments · Source: cypress-io/cypress

# Current behavior:

I upgraded my cypress version from 3.4.1 to 3.5.0. All my tests were working fine on 3.4.1, but when running on 3.5.0 I get errors; see the attached screenshot.

# Desired behavior:

I should be able to run my tests without any problems.

# Steps to reproduce: (app code and test code)

Unfortunately, I don't have the time to create a dummy project just for this issue. I am sure it's to do with version 3.5.0. Please fix it ASAP.

# Versions

Cypress : 3.5.0
OS: Windows 10
Browser: Chrome 77
Node: 11.7.0
image
image

bug

All 63 comments

@natkrish Thanks for opening an issue. Without a reproducible example, this issue will take longer to fix because we have to find the exact circumstances in which this fails.

Could you provide any more details surrounding your project and this test?

  • Are you behind a proxy?
  • You are writing cy.request() - are you passing any options?
  • Do you have any options sent to cy.server() that overwrite defaults?
  • What is the expected result of your cy.request()? 200, 300??
  • Does the url usually do any redirects?
  • Is the url http or https
  • Do you have any special SSL configuration?

@jennifer-shehane thanks for your response. I understand that it's not possible to reproduce without a working example - maybe when I get some time I will try and do a simple example.

Are you behind a proxy?

Yes

You are writing cy.request() - are you passing any options?

Yes, I use it but with no options. But I wasn't executing that test.

Do you have any options sent to cy.server() that overwrite defaults?

Yes, I use it but with no options. But I wasn't executing that test.

What is the expected result of your cy.request()? 200, 300??

I am not sending cy.request();

Does the url usually do any redirects?

Nope

Is the url http or https

https:

Do you have any special SSL configuration?

not really

I was able to run the same tests in 3.4.1 with success. But with 3.5.0 it's not even trying to open the url.

Sorry @natkrish, I assumed this was an error from a cy.request() just from the messaging of the error. This is happening during a cy.visit()?

Yes, it is happening when I start my tests with cy.visit('/') - and I have set up the base url in cypress.json

I upgraded to 3.4.1 and I'm having the same issue

boringssl is the custom OpenSSL-alike implementation Electron uses (also bundled with Chromium): electron/electron#20204

We had a similar issue with certain certs that was a result of a bug in the version of OpenSSL bundled with Node in 3.4.1. Updating Node should've fixed that. We also updated Electron from 2 to 5 in 3.5.0, and in Electron 4, they switched from OpenSSL in Node to boringssl.

You can see issues with boringssl in Electron here: https://github.com/electron/electron/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+boringssl

@natkrish @itsnathandaily Can one of you share a URL that shows this behavior when cy.visit()ed? It would be a big help to track this down.

@flotwig - unfortunately, its not possible for me to share the url reason being I was using our internal test environments which works fine with 3.4.1. That site pretty much looks similar to this one - so may be you can use it to test cy.visit(). https://onlinedoctor.lloydspharmacy.com/

@natkrish I tried running this test, and it works:

```js
it('', () => {
  cy.visit('https://onlinedoctor.lloydspharmacy.com/')
})
```

Is there a difference in how you generate certs for production and development? It could be some weird cipher suite or option you're using in your development certificate conflicting with Electron.

I have this problem. In this case, maybe the CA is old. Chrome can show a “Your connection is not private” warning in the new version.

`"chromeWebSecurity": false` in cypress.json

This setting does not work. How can I skip this warning? @jennifer-shehane

@GarthyCheang Are you talking about this?

image

^ That's normal, that's just there because Cypress uses its own CA to intercept HTTPS traffic for tests.

@flotwig yes! Cypress shows a network issue, and then I can't test the app.

@flotwig @jennifer-shehane After updating cypress to version 3.6.0 I no longer get this issue. Hence closing this ticket for now.

I still have this issue even on "cypress": "3.6.0", and Chrome 78 (Electron 73 and Chromium 78 have the same)
The stack trace for this error is:

Error: write EPROTO 38265138154120:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:../../third_party/boringssl/src/ssl/handshake_client.cc:569:

    at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:82:16)

      at Object.cypressErr (http://localhost:35175/__cypress/runner/cypress_runner.js:104940:11)
      at Object.throwErr (http://localhost:35175/__cypress/runner/cypress_runner.js:104895:18)
      at Object.throwErrByPath (http://localhost:35175/__cypress/runner/cypress_runner.js:104927:17)
      at http://localhost:35175/__cypress/runner/cypress_runner.js:91060:31
      at visitFailedByErr (http://localhost:35175/__cypress/runner/cypress_runner.js:90566:12)
      at http://localhost:35175/__cypress/runner/cypress_runner.js:91059:22
      at tryCatcher (http://localhost:35175/__cypress/runner/cypress_runner.js:138967:23)
      at Promise._settlePromiseFromHandler (http://localhost:35175/__cypress/runner/cypress_runner.js:136903:31)
      at Promise._settlePromise (http://localhost:35175/__cypress/runner/cypress_runner.js:136960:18)
      at Promise._settlePromise0 (http://localhost:35175/__cypress/runner/cypress_runner.js:137005:10)
      at Promise._settlePromises (http://localhost:35175/__cypress/runner/cypress_runner.js:137080:18)
      at Async../node_modules/bluebird/js/release/async.js.Async._drainQueue (http://localhost:35175/__cypress/runner/cypress_runner.js:133692:16)
      at Async../node_modules/bluebird/js/release/async.js.Async._drainQueues (http://localhost:35175/__cypress/runner/cypress_runner.js:133702:10)
      at Async.drainQueues (http://localhost:35175/__cypress/runner/cypress_runner.js:133576:14)

The certificate for my site was generated via https://github.com/FiloSottile/mkcert

I am having the same issue. (3.6.0)

Error: write EPROTO 3839146440:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:../../third_party/boringssl/src/ssl/handshake_client.cc:569:

    at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:82:16)

Reopening since people seem to still be having this issue.

Same thing for me:
I upgraded my cypress version from 3.4.1 to 3.6.0. All my tests were working fine on 3.4.1 but once I upgraded to 3.6.0 - I get errors when using cy.request() and even cy.visit():

cy.visit() :
image
image

cy.request() :
image
image
image

@Mkots I tried to use mkcert to generate a cert that would reproduce this issue, but couldn't get Electron to throw the unsupported_protocol error even with a mkcert cert.

Can you please check out my repo and let me know what the difference is between my gen-cert.sh and the command you use to generate testing certificates?

https://github.com/flotwig/electron-boringssl-repro

For anyone experiencing this issue - if you can try running your tests with debug logs enabled, and share those logs here, it will show some more information which we can use to get to the root of the issue.

  • On Linux/macOS: `DEBUG=cypress:* cypress ...`
  • On Windows: `npx cross-env DEBUG=cypress:* cypress ...`

Make sure to scrub any private data from the logs before sharing here.

+1

It happens when visiting a website with a self-signed certificate.

Same here in 3.6.1
Was working in 3.4.1

Common situations why this would fail:

  • you don't have internet access
  • you forgot to run / boot your web server
  • your web server isn't accessible
  • you have weird network configuration settings on your computer

The stack trace for this error is:

RequestError: Error: write EPROTO 140723175747320:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:../../third_party/boringssl/src/ssl/handshake_client.cc:569:

at new RequestError (/Users/vrodnyanskiy/Library/Caches/Cypress/3.6.1/Cypress.app/Contents/Resources/app/packages/server/node_modules/request-promise-core/lib/errors.js:14:15)
at Request.plumbing.callback (/Users/vrodnyanskiy/Library/Caches/Cypress/3.6.1/Cypress.app/Contents/Resources/app/packages/server/node_modules/request-promise-core/lib/plumbing.js:87:29)
at Request.RP$callback [as _callback] (/Users/vrodnyanskiy/Library/Caches/Cypress/3.6.1/Cypress.app/Contents/Resources/app/packages/server/node_modules/request-promise-core/lib/plumbing.js:46:31)
at self.callback (/Users/vrodnyanskiy/Library/Caches/Cypress/3.6.1/Cypress.app/Contents/Resources/app/packages/server/node_modules/request/request.js:185:22)
at Request.emit (events.js:194:13)
at Request.onRequestError (/Users/vrodnyanskiy/Library/Caches/Cypress/3.6.1/Cypress.app/Contents/Resources/app/packages/server/node_modules/request/request.js:877:8)
at ClientRequest.emit (events.js:199:15)
at TLSSocket.socketErrorListener (_http_client.js:401:9)
at TLSSocket.emit (events.js:194:13)
at errorOrDestroy (internal/streams/destroy.js:107:12)
at onwriteError (_stream_writable.js:436:5)
at onwrite (_stream_writable.js:461:5)
at internal/streams/destroy.js:49:7
at TLSSocket.Socket._destroy (net.js:600:3)
at TLSSocket.destroy (internal/streams/destroy.js:37:8)
at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:83:12)

@jennifer-shehane I think this is still an issue on my side too with version 3.7.0. The good thing is it doesn't throw this error when running locally, but it happens when running it on Jenkins.
image

@flotwig Sorry for the late reply, now I can't reproduce this behaviour, I think this error was connected with my environment, unfortunately, I don't know any concrete causes

@jennifer-shehane @flotwig I think this issue is still happening on 3.8.0 unfortunately.

Can someone help me with a solution for this issue please? At the moment, I had to downgrade to 3.4.1 due to this error and I am losing a lot of good features as a result of this.

Still looking for DEBUG logs from anyone experiencing this issue:

For anyone experiencing this issue - if you can try running your tests with debug logs enabled, and share those logs here, it will show some more information which we can use to get to the root of the issue.

* On Linux/macOS: `DEBUG=cypress:* cypress ...`

* On Windows: `npx cross-env DEBUG=cypress:* cypress ...`

Make sure to scrub any private data from the logs before sharing here.

It is probably a result of incompatibility between Electron and certain SSL configurations.

@flotwig here is the debug output. I haven't formatted it, to be honest, and as far as I can tell there is no sensitive information in it. You can use the full log to investigate. Let me know if you need more info.
ConEmu-2019-12-16-p3516.log

@flotwig any luck with the investigation?

I'm also experiencing this issue. It runs fine locally on an unsecure domain (i.e. http://); however, as soon as I run it in my testing environment, which has a self-signed SSL cert, all tests fail with the error in this issue's title.

@fourthmeal70 that's right. I am kind of stuck with 3.4.1 and not able to use the latest and best features in version 3.8.0. I am hoping that the cypress team investigates this sooner rather than later. @jennifer-shehane @flotwig

This is still a problem with version 3.8.0

On Wed, 18 Dec 2019 at 16:22, fourthmeal70 notifications@github.com wrote:

I'm also experiencing this issue. It runs fine locally on an unsecure
domain (i.e. http://) however as soon as I run it in my testing
environment which has a self-signed SSL cert, all tests fail with the error
in this issues title.


Do any of you have a public website that I can use to reproduce this issue? I think it's related to specific SSL configurations.

@flotwig unfortunately, it doesn't happen on any site that's available to the public. It happens on our internal test environments. So if you can find any self-signed certificate site, then you should be able to reproduce.

@flotwig My tests run just fine when pointed to my public site as it's using a public certificate. As @natkrish has said, it seems to only happen on environments that use self signed certificates which is what all of our internal environments use.

@nkrishna79 @fourthmeal70 Gotcha. Could you please share how you generated your self signed certs? All commands used, parameters given, etc.

@flotwig this is going to be tricky because I don't have access to do this on our servers. It's normally done by the DevOps team. Maybe @fourthmeal70 does?

@flotwig I apologize for taking so long to reply. I am not on the team that generally creates our certs so I don't know the steps taken to generate our self signed certs however, I've asked the team that does for the information and am waiting for their reply.

I also came across this issue: https://github.com/cypress-io/cypress/issues/771 I wonder if the changes to fix that somehow caused the error we're facing now. It seems closely related and also was released in version 3.5.0 which is when we started seeing the error here.

@flotwig All I know so far is our certs are generated with Microsoft's Active Directory Cert services. I don't know any details beyond that.

My team has encountered this error in an internal-only project, and I have noticed a potentially useful data point. We have two environments, one "old" with out-of-date infrastructure and one "current" with up-to-date infrastructure. This error only appears when running against the "old" environment, which happens to have TLS 1.0 running. The "current" environment (which works great) has TLS 1.2.

I am suspicious that the error is tied to the TLS version in some way.

@bahmutov - it will be great if you can take this issue on board and see what you can do about it. At the moment, it’s been difficult to set up a demo project to showcase this issue however on the negative side I am not able to use the latest version of cypress due to this bug. Can you please investigate it?

We really cannot solve this problem without a reproduction

@bahmutov well, it’s a bit tricky to reproduce because it happens only on an internal test environment. I am not sure how other cypress users are overcoming this problem at their end. If you can schedule someone to come on a video call, maybe we can solve this issue?

@nkrishna79 (or @fourthmeal70, or @cjones2-sandia, or anyone else with this issue) - here is a command which will give a bunch of information about the SSL configuration in place, which we can use to establish a pattern of what causes this issue.

Please run it against the site that fails to load in Cypress and share the output here.

It will require having the openssl command line tool installed.

```shell
openssl s_client -showcerts -connect your-site-here.com:443
```

It is most likely a bug in boringssl which we will have to report upstream, but I'd like to narrow it down by following the above steps.

@flotwig thanks so much. I will definitely run it tomorrow as soon as I get into work and will pass you the information.

@flotwig I have sent you an email with the output from running the above command. Please do let me know upon receipt.

opensslOutput.txt

Attached is the output when I run the command against our internal site.

After reading what @cjones2-sandia said about TLS versions, I pointed our Cypress tests to another internal site that uses TLS 1.2 and the tests worked fine. Pointing them back to our normal development server which only supports TLS 1.0 and the tests fail with the error here. I also believe that the issue has something to do with the TLS version. I've asked our devOps team to upgrade our development servers and will report back if things start working when they do.

The openssl output I received from @natkrish also used TLSv1, I also suspect that using TLSv1 could be what triggers this bug.

I am still trying to create a TLSv1 server to reproduce this issue, I attempted to write one in Node.js but it does not work. I suspect I will have to use nginx.

My non-working repro code:

```js
const https = require('https')
const cert = require('https-pem')

const port = process.env.PORT || 12345

const server = https.createServer({
  maxVersion: 'TLSv1',
  ...cert
}, (req, res) => {
  res.setHeader('content-type', 'text/html') // required by Cypress cy.visit
  res.end('foo')
})

server.listen(port, () => {
  console.log(`listening at https://127.0.0.1:${port}`)
})
```

@flotwig What you had was real close! I was able to reproduce the error with this node server:

```js
const https = require('https')
const cert = require('https-pem')

const port = process.env.PORT || 12345

const server = https.createServer({
  //secureProtocol: 'TLSv1_2_server_method',
  secureProtocol: 'TLSv1_server_method',
  ...cert
}, (req, res) => {
  res.setHeader('content-type', 'text/html') // required by Cypress cy.visit
  res.end('foo')
})

server.listen(port, () => {
  console.log(`listening at https://127.0.0.1:${port}`)
})
```

Run it as is and then hit with cy.visit(), you'll see the error. Then swap the secureProtocol setting to use TLSV1.2 and run the same cy.visit() and page loads successfully.

@flotwig do you think a fix is possible or should this be reported upstream? Will be good to know who is responsible for fixing this so that I can make some decisions regarding staying put with 3.4.1 (this is the only cypress version which works with TLS1)

Run it as is and then hit with cy.visit(), you'll see the error. Then swap the secureProtocol setting to use TLSV1.2 and run the same cy.visit() and page loads successfully.

@fourthmeal70 Nice, got it working. I notice that I get this error:

Error: write EPROTO 1942426598472:error:1000042e:SSL routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION:../../third_party/boringssl/src/ssl/tls_record.cc:587:SSL alert number 70

Which is different from the error in the OP, which was:

Error: write EPROTO 3343909432:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:../../third_party/boringssl/src/ssl/handshake_client.cc:569: 

So I wonder if this is actually an accurate representation of the real issue.

Still, we can fix the TLSV1_ALERT_PROTOCOL_VERSION error in Cypress by updating the network code to pass a minVersion of TLSv1 (the default is TLSv1.2). I'll open a PR: #6130


do you think a fix is possible or should this be reported upstream?

@natkrish See above - we can fix the TLSV1_ALERT_PROTOCOL_VERSION, but without a reproducible example for the UNSUPPORTED_PROTOCOL error, it's uncertain if this will also fix the UNSUPPORTED_PROTOCOL error.

You can pull down my PR and see if it does indeed fix your issue, that would be super helpful: #6130
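An added example, not part of the original thread or of Cypress itself: a small Node.js parser for the two BoringSSL error strings quoted above, separating an error raised by the local TLS stack (`UNSUPPORTED_PROTOCOL`) from an alert sent by the peer (alert 70, `protocol_version`). The function names, the field layout in the comment and the third sample line are assumptions made for illustration.

```javascript
// Added example (not Cypress code): parse the BoringSSL error strings quoted in this thread.
// Assumed layout: <id>:error:<hex code>:<library>:<function>:<reason>:<file>:<line>:<extra>
const SSL_ERROR_RE = /(\d+):error:([0-9a-f]+):([^:]*):([^:]*):([^:]*):([^:]*):(\d+):(.*)/i

// TLS alert descriptions from RFC 5246, section 7.2 (subset).
const TLS_ALERTS = {
  40: 'handshake_failure',
  42: 'bad_certificate',
  48: 'unknown_ca',
  70: 'protocol_version',
  71: 'insufficient_security',
  80: 'internal_error'
}

// Returns null when the text carries no OpenSSL-style error string.
function parseSslError (text) {
  const line = String(text).split('\n').find((l) => SSL_ERROR_RE.test(l))
  if (!line) return null
  const [, , code, library, func, reason, file, lineNo, extra] = SSL_ERROR_RE.exec(line)
  const alertMatch = /SSL alert number (\d+)/.exec(extra)
  const alertNumber = alertMatch ? Number(alertMatch[1]) : null
  return {
    code: code.toLowerCase(),
    library,
    func,
    reason,
    source: `${file.split('/').pop()}:${lineNo}`,
    // Heuristic: an "SSL alert number N" suffix means the peer sent the alert;
    // without it the error was raised by the local TLS stack.
    origin: alertNumber === null ? 'local' : 'peer',
    alert: alertNumber === null
      ? null
      : { number: alertNumber, name: TLS_ALERTS[alertNumber] || 'unknown' },
    // Both strings seen in this thread indicate a protocol version mismatch.
    versionMismatch: reason === 'UNSUPPORTED_PROTOCOL' || alertNumber === 70
  }
}

// Counts error kinds across log lines so a CI job can report the dominant cause.
function triage (lines) {
  const counts = {}
  for (const l of lines) {
    const e = parseSslError(l)
    const key = e === null ? 'not-tls' : `${e.origin}:${e.reason}`
    counts[key] = (counts[key] || 0) + 1
  }
  return counts
}

// Sample input: the first two strings are quoted in this thread, the third is constructed.
const SAMPLE_LINES = [
  'Error: write EPROTO 3343909432:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:../../third_party/boringssl/src/ssl/handshake_client.cc:569:',
  'Error: write EPROTO 1942426598472:error:1000042e:SSL routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION:../../third_party/boringssl/src/ssl/tls_record.cc:587:SSL alert number 70',
  'Error: connect ECONNREFUSED 127.0.0.1:12345'
]

console.log(triage(SAMPLE_LINES))
```

Either result points at a TLS version mismatch between client and server. TLS 1.0 and 1.1 are deprecated by RFC 8996, so a lowered client `minVersion` is best limited to test environments until the server is upgraded.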

@flotwig definitely, I will pull it down and report back either tonight or tomorrow AM. Thanks so much for this investigative and fixing work. Much appreciated. Hopefully it will work. Fingers crossed!

@flotwig Good catch! I was just excited that an error appeared.. obviously I didn't look closely enough at it haha.

Anyway, I pulled down your PR and tested on my end and everything appears to work! 🎉
So it looks like the change may have fixed both errors we've now seen. I'm interested to see if @natkrish gets the same results.

@fourthmeal70 if you don’t mind, can you let me know the steps that you took to do a pull down? Sorry, this is my first time with PR stuff, hence asking.

@fourthmeal70 if you don’t mind, can you let me know the steps that you took to do a pull down? Sorry, this is my first time with PR stuff, hence asking.

You should just be able to clone the repo, checkout my branch, npm i, and start it. Like this:

```shell
git clone https://github.com/cypress-io/cypress.git
cd cypress
git checkout issue-5446-tlsv1-fix
npm i
npm run cypress:open  # same as `cypress open`, use `cypress:run` if you want to test `cypress run`
```

@flotwig thanks. Working on it. Will let you know shortly.

@flotwig Yessssssssssssssssssssssssssss I can confirm that it is now working with your fix in place. 👍

Awesome, thanks for checking! Will work on getting this merged and released.

@flotwig Thanks so much. Looking forward to it.

@flotwig how long will it take for cypress to release the next version with this bug fix?

@natkrish it should be in 3.8.3 which is scheduled for next Friday

The code for this is done in cypress-io/cypress#6130, but has yet to be released.
We'll update this issue and reference the changelog when it's released.

Released in 3.8.3.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v3.8.3, please open a new issue.
