Description
Describe the bug
An HTTPS connection is established via the MC server (relayPort 453) to a device with a web interface served on port 443. The web server has a self signed certificate.
The connection is established and is working for approximately 30 s before it is closed by MC with the following error message.
To Reproduce
Steps to reproduce the behavior:
- Open MC and click on a device.
- Click on the HTTPS link to establish a web relay to that device.
- Use the connection for 30 s or so.
- The connection is dropped and the MC log shows the following:
```
Feb 23 14:06:08 <myhost>.internal node[27239]: RELAY: Web Relay TLS Connection Error Error: 80E189E7A67F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:358:
Feb 23 14:06:08 <myhost>.internal node[27239]: at Duplex.ondata (node:internal/js_stream_socket:79:22)
Feb 23 14:06:08 <myhost>.internal node[27239]: at Duplex.emit (node:events:518:28)
Feb 23 14:06:08 <myhost>.internal node[27239]: at addChunk (node:internal/streams/readable:561:12)
Feb 23 14:06:08 <myhost>.internal node[27239]: at readableAddChunkPushByteMode (node:internal/streams/readable:512:3)
Feb 23 14:06:08 <myhost>.internal node[27239]: at Readable.push (node:internal/streams/readable:392:5)
Feb 23 14:06:08 <myhost>.internal node[27239]: at SerialTunnel.obj.updateBuffer (/home/ec2-user/node_modules/meshcentral/apprelays.js:66:48)
Feb 23 14:06:08 <myhost>.internal node[27239]: at processRawHttpData (/home/ec2-user/node_modules/meshcentral/apprelays.js:521:50)
Feb 23 14:06:08 <myhost>.internal node[27239]: at WebSocket.<anonymous> (/home/ec2-user/node_modules/meshcentral/apprelays.js:472:21)
Feb 23 14:06:08 <myhost>.internal node[27239]: at WebSocket.emit (node:events:518:28)
Feb 23 14:06:08 <myhost>.internal node[27239]: at Receiver.receiverOnMessage (/home/ec2-user/node_modules/ws/lib/websocket.js:1220:20)
Feb 23 14:06:08 <myhost>.internal node[27239]: at Receiver.emit (node:events:518:28)
Feb 23 14:06:08 <myhost>.internal node[27239]: at Receiver.dataMessage (/home/ec2-user/node_modules/ws/lib/receiver.js:596:14)
Feb 23 14:06:08 <myhost>.internal node[27239]: at Receiver.getData (/home/ec2-user/node_modules/ws/lib/receiver.js:496:10)
Feb 23 14:06:08 <myhost>.internal node[27239]: at Receiver.startLoop (/home/ec2-user/node_modules/ws/lib/receiver.js:167:16)
Feb 23 14:06:08 <myhost>.internal node[27239]: at Receiver._write (/home/ec2-user/node_modules/ws/lib/receiver.js:94:10)
Feb 23 14:06:08 <myhost>.internal node[27239]: at writeOrBuffer (node:internal/streams/writable:572:12) {
Feb 23 14:06:08 <myhost>.internal node[27239]: library: 'SSL routines',
Feb 23 14:06:08 <myhost>.internal node[27239]: reason: 'wrong version number',
Feb 23 14:06:08 <myhost>.internal node[27239]: code: 'ERR_SSL_WRONG_VERSION_NUMBER'
Feb 23 14:06:08 <myhost>.internal node[27239]: }
```
Expected behavior
It's not clear why the connection is properly established, then dropped when there is an SSL problem. Is this just a more generic error when an underlying process has failed?
The time to dropping the connection is pretty consistent which is likely a good clue to the root cause, but I can't find anything.
Server Software (please complete the following information):
- OS: Amazon Linux 2023 (like Fedora)
- Virtualization: none
- Network: WAN, no offloading, proxying or otherwise
- Version: 1.1.55
- Node: 22.14.0
Client Device (please complete the following information):
- Device: Laptop or Tablet
- OS: Windows 11 / iOS
- Network: Remote with mobile data
- Browser: Chrome and Safari
- MeshCentralRouter Version: N/A
Remote Device (please complete the following information):
- Device: Server
- OS: Ubuntu 20.04
- Network: WAN
- Current Core Version (if known): Nov 21 2022, 2189501291
Your sanitized config.json file
```json
{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "settings": {
    "cert": "access.domain-1.com",
    "WANonly": true,
    "sessionKey": "REDACTED",
    "relayPort": 453,
    "minify": true,
    "compression": true,
    "webRTC": true,
    "wsCompression": true,
    "agentPing": 50,
    "agentPong": 50,
    "browserPong": 50,
    "agentWsCompression": true,
    "debug": "web,agent,relay,websocket,webrelay,main,peer",
    "dbExpire": {
      "events": 5184000
    }
  },
  "domains": {
    "": {
      "allowedOrigin": "europe.domain-1.com,access.domain-1.com,127.0.0.1",
      "NewAccounts": false,
      "authStrategies": {
        "oidc": {
          "client": {
            "client_id": "REDACTED",
            "client_secret": "REDACTED"
          },
          "custom": {
            "preset": "azure",
            "tenant_id": "REDACTED"
          },
          "callbackurl": "https://access.domain-1.com/auth-azure-callback",
          "newAccounts": true
        }
      },
      "ssh": true,
      "deviceMeshRouterLinks": {
        "extralinks": [
          {
            "name": "Synology DSM",
            "protocol": "https",
            "port": 5001,
            "filter": [
              "tag:Backup"
            ]
          },
          {
            "name": "Router WebUI",
            "protocol": "https",
            "port": 443,
            "filter": [
              "tag:TMT",
              "tag:DxS"
            ]
          }
        ]
      }
    }
  },
  "letsencrypt": {
    "email": "ghilton@domain-1.com",
    "names": "REDACTED",
    "rsaKeySize": 3072,
    "production": true
  }
}
```
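
The log above shows OpenSSL's record layer rejecting bytes with `wrong version number`, which it reports when the bytes at a record boundary do not carry an expected TLS record version. As an added diagnostic example (not MeshCentral's code and not from the reporter), this Node.js function walks a captured byte stream record by record and reports the first offset where the framing stops looking like TLS; `walkTlsRecords`, `makeRecord` and the sample buffers are constructed for illustration and make no claim about the cause in this issue.

```javascript
// Added diagnostic example; not part of MeshCentral or the issue.
// TLS record header: type (1 byte) | version major, minor (2) | length (2, big-endian)
const CONTENT_TYPES = { 20: 'change_cipher_spec', 21: 'alert', 22: 'handshake', 23: 'application_data' };
const MAX_RECORD_LEN = 16384 + 2048; // TLS 1.2 ciphertext upper bound

// Walk a reassembled byte stream record by record and report where framing breaks.
function walkTlsRecords(stream) {
  const records = [];
  let offset = 0;
  while (offset < stream.length) {
    const remaining = stream.length - offset;
    if (remaining < 5) return { ok: true, records, pending: remaining };
    const type = stream[offset];
    const major = stream[offset + 1];
    const minor = stream[offset + 2];
    const length = stream.readUInt16BE(offset + 3);
    if (!(type in CONTENT_TYPES) || major !== 3 || minor > 4 || length > MAX_RECORD_LEN) {
      const header = stream.subarray(offset, offset + 5).toString('hex');
      return { ok: false, records, badOffset: offset, header };
    }
    // Header is plausible but the record body has not fully arrived yet.
    if (remaining < 5 + length) return { ok: true, records, pending: remaining };
    records.push({ offset, type: CONTENT_TYPES[type], length });
    offset += 5 + length;
  }
  return { ok: true, records, pending: 0 };
}

// Constructed sample data (hypothetical helper, TLS 1.2 record version 0x0303).
function makeRecord(type, payload) {
  const header = Buffer.from([type, 3, 3, 0, 0]);
  header.writeUInt16BE(payload.length, 3);
  return Buffer.concat([header, payload]);
}

const healthy = Buffer.concat([
  makeRecord(22, Buffer.alloc(4)), // handshake
  makeRecord(23, Buffer.alloc(3)), // application data
]);
// Same stream with non-TLS bytes landing where the next record header should start.
const desynced = Buffer.concat([healthy, Buffer.from('HTTP/1.1 200 OK\r\n')]);

console.log(walkTlsRecords(healthy));
console.log(walkTlsRecords(desynced));
```

Run against bytes captured on either side of the relay, the reported `badOffset` and `header` show what arrived in place of a record header at the moment the connection was dropped.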