HTTPS request with HTTPoison

bender · December 11, 2021, 12:54pm

Hello.

I spent a day trying manage this wall, but didn’t successed. When I send a request it ends up with an error:

** (HTTPoison.Error) {:tls_alert, {:handshake_failure, 'TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure\n'}}
    (httpoison 1.8.0) lib/httpoison.ex:156: HTTPoison.request!/5

The same problem is described here HTTPS handshake error: Fatal - Handshake Failure - #11 by rjk but solution didn’t help.

Here is my code:

    rsa_kx = :ssl.cipher_suites(:all, :"tlsv1.2") ++ [%{key_exchange: :rsa, cipher: :aes_256_cbc, mac: :sha256}]

    HTTPoison.get!("https://etpgpb.ru/procedures.json", [],
      ssl: [
        ciphers: rsa_kx,
        verify: :verify_peer,
        cacertfile: :certifi.cacertfile(),
        depth: 3,
        customize_hostname_check: [
          match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
        ]
      ],
      log_level: :debug
    )

Also some details from nmap and curl.

nmap:

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|     warnings: 
|       Forward Secrecy not supported by any cipher
|   TLSv1.1: 
|     ciphers: 
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|     warnings: 
|       Forward Secrecy not supported by any cipher
|   TLSv1.2: 
|     ciphers: 
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|     warnings: 
|       Forward Secrecy not supported by any cipher
|_  least strength: A

curl:

* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES128-SHA