!aotw is broken about rabot HOT 12 CLOSED

@vzapo sorry for the late reply.

I checked the logs and noticed that !aotw command is crashing RABot and it's starting again thanks to supervisorctl. (who was the dumb/lazy developer who didn't code the damn .catch() callback? 😇 )

Here's the log message:

{
  "level": "error",
  "time": "Sat Jan 04 2020 12:54:09 GMT+0000 (UTC)",
  "pid": 13577,
  "hostname": "retroachievements.org",
  "message": "request to https://retroachievements.org/ failed, reason: write EPROTO 139780479150976:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1544:SSL alert number 40\n",
  "type": "system",
  "errno": "EPROTO",
  "code": "EPROTO",
  "msg": "request to https://retroachievements.org/ failed, reason: write EPROTO 139780479150976:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1544:SSL alert number 40\n",
  "stack": "FetchError: request to https://retroachievements.org/ failed, reason: write EPROTO 139780479150976:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1544:SSL alert number 40\n\n    at ClientRequest.<anonymous> (/srv/discord-bot/node_modules/node-fetch/lib/index.js:1455:11)\n    at emitOne (events.js:116:13)\n    at ClientRequest.emit (events.js:211:7)\n    at TLSSocket.socketErrorListener (_http_client.js:387:9)\n    at emitOne (events.js:116:13)\n    at TLSSocket.emit (events.js:211:7)\n    at onwriteError (_stream_writable.js:418:12)\n    at onwrite (_stream_writable.js:440:5)\n    at _destroy (internal/streams/destroy.js:39:7)\n    at TLSSocket.Socket._destroy (net.js:574:3)",
  "v": 1
}

making the "stack" property more readable:

FetchError: request to https://retroachievements.org/ failed, reason: write EPROTO 139780479150976:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1544:SSL alert number 40

    at ClientRequest.<anonymous> (/srv/discord-bot/node_modules/node-fetch/lib/index.js:1455:11)
    at emitOne (events.js:116:13)
    at ClientRequest.emit (events.js:211:7)
    at TLSSocket.socketErrorListener (_http_client.js:387:9)
    at emitOne (events.js:116:13)
    at TLSSocket.emit (events.js:211:7)
    at onwriteError (_stream_writable.js:418:12)
    at onwrite (_stream_writable.js:440:5)
    at _destroy (internal/streams/destroy.js:39:7)
    at TLSSocket.Socket._destroy (net.js:574:3)

Alright, something related to SSL and such, but curiously it only happens in production. I'm unable to reproduce locally.

I'm still investigating it.

from rabot.

noticed the same behavior for !whatcheevo command, and added the .catch() to avoid it crashing the bot.

luchaos said he'll check if it's really a SSL certificate issue.

from rabot.

Looks like it's related to the nginx ssl setting ssl_ecdh_curve secp384r1; which causes issues with node 8 (?) I adjusted the nginx webserver to also allow prime256v1. See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve

Please try again and let me know if that changed anything.

Out of curiosity - is that the only instance where https is used? As that problem should probably occur more often if the site is scraped or its API used.
The quickest solution to this problem would be to use http - which is still supported (to my dismay). But i'd rather have it use https instead to be future proof - as the whole server might go https-only some day.

from rabot.

great news @luchaos the issue is no more,that fixed it. !aotw works now as expected.
I haven't seen this issue on other commands, but will keep an eye.

Also is there a reason not to upgrade to a newer node version? at least 10 or the 12? node 12 has tls.1.3 and also private class fields :)

from rabot.

@meleu apparently this is working now. Is it still an issue somewhere or the ticket can be closed? 👍

from rabot.

I've just tested on #botspam channel and it's not working.
curiously it works fine on my "dev" version, though. 🤔

from rabot.

I've seen on #botspam what your saying and yes it appears to be somehow broken... . I'll try and take another look

from rabot.

@meleu is it possible to get some production logs to investigate !aotw command more? Can't seem to reproduce any error from local and maybe there's something useful in there...

If you can digup the logs from #botspam channel on 2019/01/02 at 19:07PM GMT:

RABotBOTToday at 7:07 PM
@zapo, :hourglass: Getting AotW info, please wait...

or some newer example would be greatful.

from rabot.

The SSL issue won't be reproducible on local and unfortunately I had not come across an issue like this before but from what I've momentary understand from that error log is the certificate that the request makes to retroachievements.org does not match hence error.

I'm not sure but this might help a bit: https://stackoverflow.com/questions/36370656/solving-sslv3-alert-handshake-failure-when-trying-to-use-a-client-certificate

from rabot.

In an effort to harden security on the server, old protocols and their cipher suites have been disabled for secure connections to https://retroachievements.org.

Going by the log output above it looks like node tries to connect with a sslv3 handshake, while this is not available anymore (only tls1.2 and tls1.3 at the time of writing).

I'll try to figure out what has to be done so that node fetch uses the tls method instead - any hint is appreciated. My node-fu is not that strong.

from rabot.

Upgraded - node 12 is available on the server now :) Thanks for the heads up!
Doing that was on my todo list for quite some time now anyways as node 8 reached its EOL.

from rabot.

Thanks guys!
Closing this issue.

from rabot.