zamo-zuan asked · 2 Likes

API SSL errors since last night

Last week Tuesday for about an hour we received SSL errors, and the next day we received a reminder about eBay's changes coming at the end of April, so I assumed the problems were related to that.

This morning we discover our software has been erroring since about 4PM yesterday. Basically none of our Trading API calls are going through with this error:


Error: write EPROTO 140040447694720:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 70


Since this has been going on more than 12 hours it's very alarming at this point!

ssl

brpar_6985 commented:

Your TLS client is not using version 1.2 or higher, which is what the new changes are now requiring. This may hint at an even bigger security issue on your end since that version is quite old at this point (TLS 1.2 was released in 2008).

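Added example, not part of any post in this thread: a Node.js helper that decodes the OpenSSL error line quoted in the question, showing that alert 70 is `protocol_version` and that the alert was received from the remote server. It assumes the OpenSSL 1.1.x packed error-code layout; `decodeOpenSslError` and `TLS_ALERTS` are names made up for this example.

```javascript
// Added example: decode the OpenSSL 1.1.x error string Node.js prints for a TLS failure.
// TLS alert descriptions from RFC 5246 section 7.2 (subset useful for handshake triage).
const TLS_ALERTS = {
  40: 'handshake_failure',
  42: 'bad_certificate',
  46: 'certificate_unknown',
  47: 'illegal_parameter',
  48: 'unknown_ca',
  70: 'protocol_version',
  71: 'insufficient_security',
  80: 'internal_error',
};
const ERR_LIB_SSL = 20;            // OpenSSL library number for libssl
const SSL_AD_REASON_OFFSET = 1000; // libssl reasons >= 1000 are alerts received from the peer

function decodeOpenSslError(message) {
  // Format: <thread id>:error:<8 hex digits>:<library>:<function>:<reason>:<file>:<line>:<extra>
  const m = /:error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):/.exec(message);
  if (!m) return null;
  const packed = parseInt(m[1], 16);
  // Assumption: OpenSSL 1.1.x ERR_PACK layout (8 bits library, 12 bits function, 12 bits reason).
  const lib = packed >>> 24;
  const funcCode = (packed >>> 12) & 0xfff;
  const reason = packed & 0xfff;
  const fromPeer = lib === ERR_LIB_SSL && reason >= SSL_AD_REASON_OFFSET;
  const alertNumber = fromPeer ? reason - SSL_AD_REASON_OFFSET : null;
  const stated = /SSL alert number (\d+)/.exec(message);
  return {
    code: m[1].toUpperCase(), library: m[2], func: m[3], reasonText: m[4],
    lib, funcCode, reason, fromPeer, alertNumber,
    alertName: fromPeer ? (TLS_ALERTS[alertNumber] || 'unknown') : null,
    // Cross-check: the trailing "SSL alert number N" must agree with the packed reason.
    consistent: stated ? Number(stated[1]) === alertNumber : null,
  };
}

// The error line quoted in the question above.
const SAMPLE = 'Error: write EPROTO 140040447694720:error:1409442E:SSL routines:' +
  'ssl3_read_bytes:tlsv1 alert protocol version:' +
  '../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 70';

console.log(decodeOpenSslError(SAMPLE));
```

A reason of 1000 plus the alert number means the remote end sent the alert, so the useful next check is which protocol versions the client actually offered on the failing connection.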
rydan313 answered · 1 Like

It is called a scream test. Most companies do this when a major change is about to happen. The point is to break your app so you scream. You should fix your app, otherwise this problem will be permanent.


zamo-zuan commented:

According to the code itself, it's using 1.2. Here's an excerpt from the package performing the update:

secureProtocol: 'TLSv1_2_method',

A bit older legacy Node syntax without min/max, but shouldn't be causing these issues, as secureProtocol is still supposed to be fully functional for TLS 1.2.

Not sure why eBay would reject this?

ubix answered · 3 Likes

I updated my app to support TLS 1.2 and we continue to see the errors, so it is not likely to be a 'scream test'.



zamo-zuan commented:

First off, I'm very sorry to hear you're encountering these issues too!


But it is a bit of a relief to hear we weren't the only ones affected! As I had shown in the other comment under rydan, we're using a package that explicitly calls TLS 1.2.


So it doesn't seem like a scream test. Not sure exactly what is happening.


I remember something similar from years back, when they first started moving beyond TLS 1.0. At the time, developers did a work-around where they locked their calls to 1.0, as sometimes they would receive similar SSL errors from 1.1/1.2...

zamo-zuan commented:
That was due to differences in the machines that you happened to connect to when using the API.


This seems oddly reminiscent of that, but in the opposite way - where 1.2 is sometimes failing.


Our errors stopped that night I had posted and to my knowledge haven't appeared again. Will update if it happens again, of course!

moan-38 answered · 3 Likes

Hi,

We are getting an error when trying to GetOrders through the API.

It happened last week too, but auto-corrected in a few hrs. Tonight, it is not at all working.

The error we get is: TypeError: xmlDocument is null

Can someone please help?

Thanks.



zamo-zuan commented:
Our orders calls hadn't had issues since that night. But as I'd mentioned in response to ubix, I suspect this may be similar to past issues that happened when they were upgrading to TLS 1.2, where depending on what machine you were connecting to, it may have been configured differently and gave a very similar error. Forcing 1.0 fixed that. But now that we have to force 1.2, it could be that some API machines aren't properly configured for 1.2?


Just a guess, from such a similar error.
