Phantomjs: --ignore-ssl-errors not working

Created on 27 Apr 2014  ·  49Comments  ·  Source: ariya/phantomjs

I'm having a problem where I'm seeing "SSL handshake failed" only on my AWS EC2 instance, even though I'm using --ignore-ssl-errors=true. The weird part is it ONLY happens on my EC2 instance for this one website, and it works locally. I'm also using --ssl-protocol=tlsv1 and their website is using SNI with AWS Cloudfront. Both my EC2 instance and my local machine are on PhantomJS 1.9.7.

I've tried everything like making sure openssl and ca-certificates are up to date, making sure we have their correct cert, making sure curling their site works, and pointing phantomjs to the certificates directory.

Here's some of my --debug=true output:

getting https://learni.st
phantom stderr: 2014-04-27T06:18:25 [DEBUG] WebPage - updateLoadingProgress: 10 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] Network - SSL Error: "No error" 
2014-04-27T06:18:25 [DEBUG] Network - SSL Error: "No error" 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] CookieJar - Saved "AWSELB=77C1F30691E24C3635F1BC72711A62B209E042A855CCD8B001F19C9CB6DBDF2F79067F1DA44C89C0961A758EBC0211B52B5FCE241033BBB205D68C8891EAEEC1E94E1F71; domain=learni.st; path=/" 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] WebPage - updateLoadingProgress: 11 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] Network - Resource request error: 6 ( "SSL handshake failed" ) URL: "https://assets2.learni.st/spa/css/vendor-9e306212.css" 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] Network - Resource request error: 6 ( "SSL handshake failed" ) URL: "https://assets1.learni.st/spa/css/app-0ee007ab.css" 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] Network - Resource request error: 6 ( "SSL handshake failed" ) URL: "https://assets1.learni.st/spa/js/app-a16957cd.js" 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] Network - Resource request error: 6 ( "SSL handshake failed" ) URL: "https://assets2.learni.st/spa/js/vendor-35e66510.js" 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] Network - Resource request error: 6 ( "SSL handshake failed" ) URL: "https://assets0.learni.st/spa/js/select2.min-16f03230.js" 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] Network - Resource request error: 6 ( "SSL handshake failed" ) URL: "https://assets3.learni.st/spa/js/templates-11af8771.js" 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] WebPage - updateLoadingProgress: 25 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] WebPage - setupFrame "" 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] WebPage - updateLoadingProgress: 100 

phantom stderr: 2014-04-27T06:18:25 [DEBUG] WebPage - setupFrame ""
...

The weird part is the SSL Error: "No error" on the homepage. That page loads just fine and calls onResourceReceived, but the subsequent requests don't load and call the onResourceError function.

Isn't --ignore-ssl-errors=true supposed to keep those SSL handshake errors from happening?

All 49 comments

The option --ignore-ssl-errors=true doesn't force PhantomJS to use ANY secure layer (SSL or TLS), i.e. PhantomJS will use SSLv3 with this option.
But, I agree with you, this option must tell PhantomJS to use any available protocol.

Thanks @Vitallium

Do you have any idea why --ignore-ssl-errors=true is not working since it's failing on SSL errors? Taking out --ssl-protocol=tlsv1 makes it fail locally with the same errors as above.

All I'm passing in is --load-images=false and --ignore-ssl-errors=true, and getting SSL handshake errors.

You need to combine these two options, then this web site will work. PhantomJS uses SSLv3 by default for all secure connections.

Oh, the error log from my first post is from using both --ignore-ssl-errors=true and --ssl-protocol=tlsv1 combined. And it's still giving the SSL error on my EC2 instance. If I ps aux | grep phantomjs I can see both arguments being passed in.

@Vitallium I saw that you added some labels to this issue. Were you able to reproduce the errors?

@thoop no. I can open this website by combining two options.

Would you like me to set up and give you access to an AWS machine with phantomjs set up on it to test with? How can I work with you to reproduce this to see what's going on? I doubt the log dump from above is enough to help you fix it without being able to reproduce it.

Just let me know how I can help.

Got the same problem... SSL handshake failed but commandline option --ignore-ssl-errors=true and also I got --web-security=false and still got a cross domain origin error..... looks like command line options are not working... or at least some of them.

@HasseM do you have an example?

@Vitallium, yes but my code is a big mess now due to my debugging... let me take out the Access-Cotrol-Allow-Origin with --web-security=false.

script.js:
var page = require('webpage').create();

res = phantom.injectJs("jquery.js");

$.get("http://www.nu.nl/",
{},
function(data) {
Logg("Got index page.");
phantom.exit();
}
);

started on Ubuntu64 with:
phantomjs --web-security=false script.js

result:
XMLHttpRequest cannot load http://www.nu.nl/. Origin file:// is not allowed by Access-Control-Allow-Origin.

Strange... with websucurity disabed, this should work...

for the SSL error I have no ready example to post here... but its exactly like in the first post here.

Oh, --web-security option doesn't work for PhantomJS's execution context. I have the patch for that, but it requires some tests before it will be landed to the master.
This is an another issue :-) See #11217

For the SSL error, I got the error message "SSL handshake failed" and the option --ignore-ssl-errors=true did not fix this.... What debug info do you need from me?

Like I said before, option --web-security doesn't work in the PhantomJS's execution context. So, you will have errors all the time.

edited my previous post, wrong option....

Also I got rid of the SSL error by specifying --ssl-protocol=tlsv1

I have both --ignore-ssl-errors=true and --ssl-protocol=tlsv1 set and I still get the error only on my AWS EC2 machines.

I am also facing this issue :( This is happening for me for a page which tries to fetch a JS file from a HTTPS CDN. I tried -ignore-ssl-errors=true, --ssl-protocol=tlsv1, --web-security=no ... nothing worked.
However, if I make the script src protocol as http, it loads the resource in the page and I can see the resource being successfully loaded from "page.onResourceReceived" callback, but I need to have the JS loading from HTTPS, any help in this direction would be greatly appreciated.

This works fine in PhantomJS 2. It seems that PhantomJS 1 has some problems with SNI.

The option --ignore-ssl-errors=true doesn't force PhantomJS to use ANY secure layer (SSL or TLS), i.e. PhantomJS will use SSLv3 with this option.

Is it smart with the POODLE Bug? (just wondering)

@saarthakvats did you ever figure out how to get this to work with https?

I'm also having this problem using phantomas. In OS X works fine without options but in Ubuntu 14.04.1 I've tried all combination with --ignore-ssl-errors and --ssl-protocol and nothing work :(

phantomas --debug --ignore-ssl-errors --ssl-protocol=tlsv3 --analyze-css https://dashboard.socialbro.com
...
Debug: WebPage - updateLoadingProgress: 14
Debug: Network - Resource request error: 6 ( "SSL handshake failed" ) URL: "https://dsh-cdn01.socialb.co/public/app/themes/shiro/css/default.css"
...

I’m working on a project that is attempting to track the uptime and availability of various government benefit services (e.g. food assistance programs). In using Phantom to get screenshots of sites when they’re down or having errors, we’ve run into the same problem. No setting for --ignore-ssl-errors, --ssl-protocol, or --ssl-ciphers seems to work.

If it helps, one site that is reliably failing is: https://www.c4yourself.com/c4yourself/index.jsp

Hi,

It worked for me, with:
C:\Program Files (x86)\phantomjs-1.9.8-windows>.\phantomjs.exe
--ignore-ssl-errors=true --ssl-protocol=any examples\rasterize.js
https://www.c4yourself.com/c4yourself/index.jsp screen.png

(before sending the command, I've set the HTTPS_PROXY environmental
variable with required URL for my net).

Hélio

On Thu, Mar 5, 2015 at 5:53 AM, Rob Brackett notifications@github.com
wrote:

I’m working on a project that is attempting to track the uptime and
availability of various government benefit services (e.g. food assistance
programs). In using Phantom to get screenshots of sites when they’re down
or having errors, we’ve run into the same problem. No setting for
--ignore-ssl-errors, --ssl-protocol, or --ssl-ciphers seems to work.

If it helps, one site that is reliably failing is:
https://www.c4yourself.com/c4yourself/index.jsp


Reply to this email directly or view it on GitHub
https://github.com/ariya/phantomjs/issues/12181#issuecomment-77311027.

This message has been scanned for viruses and
dangerous content by _MailScanner_ http://www.mailscanner.info/, and is
believed to be clean.

@HelioGuilherme66 Maybe it worked because of the proxy? It reliably fails on every network that I’ve tried it, on both OS X, Ubuntu, and Heroku (no proxies being used).

I should note, also, that SlimerJS handles it just fine. The Chrome and Safari browsers can also load the pages, so I think the issue is definitely with Phantom.

Hi Guys,
I am using PhantomCSS to do a screenshot comparison CSS test. Everytime i run the test i get a blank screenshot. The url is https site. I am pretty new to this and tried everything mentioned above and various other blogs to bypass the SSL, but nothing worked.

My current set up is PhantomJS version 1.9.2 and CasperJS version 1.1.0-DEV. OS: Windows 7

I tried CasperJS latest 1.1.0.(Beta) and PhantomJS 2.0.0 but that didnt seem to work. My code works fine with non https sites. Please advice what should i do.

@HelioGuilherme66's solution with --ssl-protocol=any worked for me.

I have the same issue on our build server only (dev machines work fine?).

Our tests run against a local server, where the client-side scripts make calls to a HTTPS (SNI cert) API endpoint. With --ignore-ssl-errors=true the calls to the HTTP API fail and our Protractor tests freeze. However, if I pass an invalid value for the --ssl-protocol=invalid flag, the tests continue but the API call returns a failed response. This means that the SSL handshake didn't work out. It's the same behavior we see with IE on WinXP, which doesn't support SNI. Relating to the SNI remark by @thoop.

I was able to work around the issue, by replacing the self-signed certificate for localhost with a certificate that uses SHA256 as algorithm, instead of SHA1. SHA1 algorithm certificates are not trusted by WebKit anymore, what forced the use of the --ignore-ssl-errors=true flag. With the SHA256 self-signed certificate (also stored in the Trusted Root CA store) this is no longer the case, and we do not need to ignore SSL errors, avoiding the issue.

Hi, I don't know why you closed this, guys, but
I have same issue and NO workaround since casperjs is using phantomjs < 2 and there are little plans for upgrade:
https://github.com/n1k0/casperjs/issues/987

There isn't any flag combination that helps

I have the same issue.

Unable to load resource (#1URL:https://www.popvox.com/bills/us/new)
Error code: 6. Description: SSL handshake failed

No flag combination helps.

Same, none of the solutions work on my Ubuntu ec2 instance... http://stackoverflow.com/questions/12021578/phantomjs-failing-to-open-https-site

@HelioGuilherme66 : Thanks, --ignore-ssl-errors=true --ssl-protocol=any worked for me

Have the same problem with 1.9.19 :(

Same with 2.1.1

--ignore-ssl-errors=true --ssl-protocol=any worked for me 1.9.2

Fixed in 2.5 beta

I am using python and phantomjs driver to crawl google careers - https://www.careers.google.com
I tried in the service_args = ['--ignore-ssl-errors=yes','--ignore-ssl-errors=true','--ssl-protocl=any']
Phantomjs version 2.0.0

But it always renders about:blank

Having the same problem as @arunchandramouli. phantomjs --ignore-ssl-errors=true --ssl-protocol=any --debug=true but renders blank page. Works fine on dev environment where ssl is not enabled. production servers renders blank pages. Running on heroku.

debug output.

2017-02-20T09:39:06 [DEBUG] Network - Resource request error: 6 ( "SSL handshake failed" ) URL: "https://mysite.com/image_placeholders?page_uuid=03aaa2ee-7f16-4fa2-8609-20bcb50576c1"

I have the same problem as @cardiner and @arunchandramouli
I use this way for configure PhantomJS for my Python code:
`webdriver.DesiredCapabilities.PHANTOMJS['phantomjs.page.settings.userAgent'] = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Safari/537.36'

webdriver.DesiredCapabilities.PHANTOMJS['phantomjs.page.settings.load-images'] = True
webdriver.DesiredCapabilities.PHANTOMJS['phantomjs.page.settings.ignore-ssl-errors'] = True
webdriver.DesiredCapabilities.PHANTOMJS['phantomjs.page.settings.ssl-protocl'] = 'any'`

I am facing the same issue. Below code working fine in windows where it is also executing the https but in Ubuntu I am getting same error for https. it is working fine for http

I am using the below code

DesiredCapabilities capabilities = null;
ArrayList cliArgsCap = new ArrayList();
capabilities = DesiredCapabilities.phantomjs();
cliArgsCap.add("--web-security=false");
cliArgsCap.add("--ssl-protocol=any");
cliArgsCap.add("--ignore-ssl-errors=true");
capabilities.setCapability("takesScreenshot", true);
capabilities.setJavascriptEnabled(true);
capabilities.setCapability(
PhantomJSDriverService.PHANTOMJS_CLI_ARGS, cliArgsCap);
capabilities.setCapability(
PhantomJSDriverService.PHANTOMJS_GHOSTDRIVER_CLI_ARGS,
new String[] { "--logLevel=2" });

Same here, getting the SSL handshake error using the 2.1.15 version. I am using

--ignore-ssl-errors=true --ssl-protocol=any

I am using angular js and phantomjs driver to crawl google careers - https://example.com
I tried in the service_args = ['--ignore-ssl-errors=yes','--ignore-ssl-errors=true','--ssl-protocl=any']
Phantomjs version 2.1.1.
I tried in the service_args ,but is same ssl error. google crawl not accept the https://example.com/?_escaped_fragment_= request,In https but it still working in http.Like http://example.com/?_escaped_fragment_= .i don't understand why not take request https ?
please help me...

when i request the service_args:

    phantomjs --disk-cache=no  --ignore-ssl-errors=yes --ignore-ssl-errors=true --ssl-protocol=any /opt/bitnami/apache-tomcat/stt/ROOT/js/angular-seo.js 9090 https://example.com/

I had problems with this, unti I figured it out that my SSL Certificate from Comodo was wrongly configured, I followed this tutorial https://www.namecheap.com/support/knowledgebase/article.aspx/9419//installing-a-certificate-on-nginx and now it works ok :)

@verishal your certificate is from comodo?

No.because I get certificate from SSL4.

Also facing this problem.
The page is blank.

sfantu.Do you have some idea?

Page is navigating to about:blank. Tried all the combination mentioned above with SSL, but nothing worked. Exactly same issue as @shubhamj-cuelogic mentioned

Was this page helpful?
0 / 5 - 0 ratings

Related issues

yisibl picture yisibl  ·  5Comments

bhuvnesh2703 picture bhuvnesh2703  ·  3Comments

dhilipsiva picture dhilipsiva  ·  4Comments

Snowlav picture Snowlav  ·  3Comments

h4wlt picture h4wlt  ·  5Comments