SSL Errors with HTTPoison

Question

SSL Errors with HTTPoison

Closed this issue 7 years ago · 5 comments

collegeimprovements commented 7 years ago

I'm getting the follwing error:

$ Elasticsearch.get("/_cat/health")

13:51:37.261 [info]  ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:1624 generated CLIENT ALERT: Fatal - Unknown CA', 10]
{:error, %HTTPoison.Error{id: nil, reason: {:tls_alert, 'unknown ca'}}}

When I run the following query, it runs successfully. Ref

$ HTTPoison.get("https://servername:9200/_cat/health", [], [ ssl: [{:versions, [:'tlsv1.2']}] ])

Can we set some Env var or set some config value to solve this issue ?
I tried the following in config.exs file with no good result.

config :ssl, protocol_version: :"tlsv1.2"

Answer 1 · 2018-01-23T16:43:09.000Z

@collegeimprovements What version of Elasticsearch are you running?

Answer 2 · 2018-02-01T11:24:49.000Z

We are on Elasticsearch-5.5.

Answer 3 · 2018-02-02T22:51:35.000Z

This error occurs when the certificate authority for the target url is unknown to Hackney. Is it a self-signed certificate?

See these other GitHub issues for reference:

edgurgel/httpoison#62
edgurgel/httpoison#119
edgurgel/httpoison#294

Answer 4 · 2018-02-06T11:13:23.000Z

Yes. It seems like we have self signed certificates. Is there any workaround for this issue ?
[ e.g. we are able to hit HTTPoison queries with the above mentioned ssl option. ]
Or there is no simple workaround apart from asking people who host ElasticSearch to provide certificate files!?

Answer 5 · 2018-02-09T22:15:08.000Z

We should add an hackney_options configuration setting to Elasticsearch. This would allow you to pass the ssl: [{:versions, [:'tlsv1.2']}] settings that are working for you.