14

I have this small code snippet that targets an endpoint hosted on localhost

var https = require('https');

var options = {
  hostname: 'localhost',
  port: 443,
  path: '/',
  method: 'GET',
  agent: false
};

var req = https.request(options, function(res) {
  console.log("statusCode: ", res.statusCode);
  console.log("headers: ", res.headers);
  res.on('data', function(d) {
    process.stdout.write(d);
  });
});
req.end();

req.on('error', function(e) {
  console.error(e);
});

and I always get the error:

{ [Error: socket hang up] code: 'ECONNRESET', sslError: undefined }

It seems that the request is not even received by the endpoint because the it's not captured by it and there is no timeout happening.

If I try a request like https:// localhost from the browser, it's sent successfully.

If I just change the host in the code to something like encrypted.google.com, it works successfully as well.

Anyone knows why this might happen ?

Edit: I've also tried adding the same headers sent by the browser like accept, user-agent .. etc, but still not working

Edit2: this is the stack trace that appeared when I logged it:

Error: socket hang up
at SecurePair.error (tls.js:1013:23)
at EncryptedStream.CryptoStream._done (tls.js:705:22)
at CleartextStream.read [as _read] (tls.js:496:24)
at CleartextStream.Readable.read (_stream_readable.js:320:10)
at EncryptedStream.onCryptoStreamFinish (tls.js:301:47)
at EncryptedStream.g (events.js:180:16)
at EncryptedStream.EventEmitter.emit (events.js:117:20)
at finishMaybe (_stream_writable.js:360:12)
at endWritable (_stream_writable.js:367:3)
at EncryptedStream.Writable.end (_stream_writable.js:345:5)
nomier
  • 402
  • 1
  • 3
  • 12

1 Answers1

19

ECONNRESET means the TCP connection was closed unexpectedly, ie. somewhere mid protocol.

But the code you wrote seems OK to me.

Maybe you are running into this issue https://github.com/joyent/node/issues/5360

TL;DR: You could try with latest node version and secureOptions: constants.SSL_OP_NO_TLSv1_2 added to your options.

UPDATE SSLv3 is broken, https://access.redhat.com/articles/1232123 ; maybe ditch ISS?

wires
  • 4,718
  • 2
  • 35
  • 31
  • I'm using the latest node version v0.10.26 and I tried the "secureOptions: constants.SSL_OP_NO_TLSv1_2", but I still get the same error. Can the problem be related to how the host is being resolved or related to a certain firewall, the endpoint is ipv4, is there a way to make sure that the host is being resolved correctly ? – nomier Mar 24 '14 at 19:38
  • re: host, I'm not entirely sure, I doubt it. – wires Mar 24 '14 at 19:48
  • 2
    Maybe `secureProtocol: 'SSLv3_method'` can work for you. What webserver are you using? Also a trace of `curl -v https://localhost` would be useful. Also, is it a self signed certificate? – wires Mar 24 '14 at 19:53
  • Ok, so it worked fine with secureProtocol: 'SSLv3_method' what did that actually do ? :) also that's only in case of agent: false, if I set any value to the agent, the error comes back, do you know why is that. Just as an info: the hebserver is IIS and curl is working fine and the certificate is self signed. – nomier Mar 24 '14 at 21:15
  • 1
    AFAIK, that 'forces' SSL version 3. I'm tempted to say ISS is your problem, but I have never touched it with a stick even :-P. With self signed certificates you are likely to need `rejectUnauthorized: false` and optionally `strictSSL: false`. I'm not exactly sure what the (security) implications are of that. – wires Mar 24 '14 at 21:41
  • I already tried rejectUnauthorized: false, it doesn't solve the issue, anyway, thanks for the help, at least I got it to work :) – nomier Mar 24 '14 at 22:45