Error 'bad record mac' starting websockex (Erlang >20 SSL Issue)

[mbenatti]

Hello,
I'm trying to connect and test the "wss://api.bitfinex.com/ws/2"
Docs: https://bitfinex.readme.io/v2/reference#ws-public-ticker

Code:

iex(10)> uri = URI.parse "wss://api.bitfinex.com/ws/2"
%URI{
  authority: "api.bitfinex.com",
  fragment: nil,
  host: "api.bitfinex.com",
  path: "/ws/2",
  port: 443,
  query: nil,
  scheme: "wss",
  userinfo: nil
}
iex(11)> conn = WebSockex.Conn.new uri                
%WebSockex.Conn{
  cacerts: nil,
  conn_mod: :ssl,
  extra_headers: [],
  host: "api.bitfinex.com",
  insecure: true,
  path: "/ws/2",
  port: 443,
  query: nil,
  socket: nil,
  socket_connect_timeout: 6000,
  socket_recv_timeout: 5000,
  transport: :ssl
}
iex(12)> start_link = WS.start_link conn, :fake_state 
[info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'cipher', 32, 'received SERVER ALERT: Fatal - Bad Record MAC', 10]
{:error, %WebSockex.ConnError{original: {:tls_alert, 'bad record mac'}}}
iex(13)> 

Its some limitation in lib or im doing something wrong?

[Azolo]

This is actually an issue with SSL negotiation.

I don't know if it's a problem with something I'm doing though.

Could you see which version of Erlang and OpenSSL you are using?

[mbenatti]

Thanks for a quick response,

Info's below:

erlang 20.1
elixir 1.6.0
OpenSSL> version
OpenSSL 1.1.0g  2 Nov 2017
Linux ThinkPad-T440 4.13.0-26-generic #29~16.04.2-Ubuntu SMP Tue Jan 9 22:00:44 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

[mbenatti]

ok... seems something different with ssl library in erlang 20 or a bug.

I switch to erlang 19.3 and it worked:

iex(1)> uri = URI.parse "wss://api.bitfinex.com/ws/2"
%URI{
  authority: "api.bitfinex.com",
  fragment: nil,
  host: "api.bitfinex.com",
  path: "/ws/2",
  port: 443,
  query: nil,
  scheme: "wss",
  userinfo: nil
}
(search)`':                                                
nil
iex(3)> 
nil
iex(4)> conn = WebSockex.Conn.new uri
%WebSockex.Conn{
  cacerts: nil,
  conn_mod: :ssl,
  extra_headers: [],
  host: "api.bitfinex.com",
  insecure: true,
  path: "/ws/2",
  port: 443,
  query: nil,
  socket: nil,
  socket_connect_timeout: 6000,
  socket_recv_timeout: 5000,
  transport: :ssl
}
iex(5)> WS.start_link conn, :fake_state
Handle Connect
{:ok, #PID<0.476.0>}
Received Message - Type: :text -- Message: "{\"event\":\"info\",\"version\":2}"

[Azolo]

I really want to say that's surprising, but I can't. I honestly don't know how Erlang's SSL library works and trying to figure it out may be the death of me.

I don't think I'm going to spend much time trying to figure this one out, I don't think my sanity can handle another dive into Erlang SSL at the moment. However, I'm going to leave this open in hopes that some kind soul will come and tell us what is happening here.

[spunkedy]

@Azolo while trying to find a resolution for my issues I found this:

https://bugs.erlang.org/browse/ERL-538

looks like otp 21 works ?