RequestError: EPROTO wrong signature type:ssl/t1_lib.c

Hi,

I tried to set up my first HTTP Request Node.

The assignment is (or should be) rather simple. It should GET this URL.
https://klanten.bizzsms.nl/api/send?username=SOMEUSER&code=TEST&text=TESTNODERED&phonenumbers=0032123456&sendertitle=TITLE

If I paste this URL in my browser, I get a valid response. Obviously the URL above is modified to hide some username details, but even then, the response is a valid one "0|1|user not found". Feel free to try it.

However, if I try this via the HTTP request node with the settings below, it just doesn't work:

I received the following error message:
RequestError: write EPROTO 3801D2F14F7F0000:error:0A000172:SSL routines:tls12_check_peer_sigalg:wrong signature type:ssl/t1_lib.c:1572:

So what am I doing wrong?

I can only report that this appears to work for me both in Browser and Node-RED

0|1|user not found

Version of Node-RED
Version of Node.js
OS and version?

See from CMD/Terminal prompt after node-red-stop|node-red-start

Start Node-RED
 
Once Node-RED has started, point a browser at http://XX.XX.XX.XX:1880
On Pi Node-RED works better with the Firefox or Chrome browser
 
Use   node-red-stop                          to stop Node-RED
Use   node-red-start                         to start Node-RED again
Use   node-red-log                           to view the recent log output
Use   sudo systemctl enable nodered.service  to autostart Node-RED at every boot
Use   sudo systemctl disable nodered.service to disable autostart on boot
 
To find more nodes and example flows - go to http://flows.nodered.org
 
Starting as a systemd service.
18 Jan 13:32:12 - [info]
Welcome to Node-RED
===================
18 Jan 13:32:12 - [info] Node-RED version: v3.0.2
18 Jan 13:32:12 - [info] Node.js  version: v16.19.0
18 Jan 13:32:12 - [info] Linux 5.15.0-58-generic x64 LE
18 Jan 13:32:12 - [info] Loading palette nodes

This will help people help you. (Beyond this, my knowledge ends....)

EDIT: Are you sure URL is correct in HTTP request?

Did you remember to put https on the front of the URL in node-red?

If it isn't that, it would appear to be a TLS signature incompatibility - are you using an old version of node.js?

Hi both,

Thank you for your help. Node-Red is installed via Home Assistant as an add-on.

I currently run this:

Welcome to Node-RED
===================
18 Jan 16:00:23 - [info] Node-RED version: v3.0.2
18 Jan 16:00:23 - [info] Node.js  version: v18.12.1
18 Jan 16:00:23 - [info] Linux 5.15.80 x64 LE


Add-on: Node-RED
 Flow-based programming for the Internet of Things
-----------------------------------------------------------
 Add-on version: 14.0.1
 You are running the latest version of this add-on.
 System: Home Assistant OS 9.4  (amd64 / qemux86-64)
 Home Assistant Core: 2023.1.5
 Home Assistant Supervisor: 2022.12.1
-----------------------------------------------------------

I'm pretty sure the URL is correct.
If I change HTTPS to HTTP, it is working fine (it returns 0|1|user not found). But it should work with HTTPS as well...


:sigh: . .


Not sure how to read your response. Is that a "sigh, why are you using Home Assistant?"? Or am I missing something here?

Sorry, it's just that as soon as HA is involved, things seem to get complicated.

All I can really suggest is trying a stand-alone install of Node-RED and see if it works there.

I received the following error message:
RequestError: write EPROTO 3801D2F14F7F0000:error:0A000172:SSL routines:tls12_check_peer_sigalg:wrong signature type:ssl/t1_lib.c:1572:
So what am I doing wrong?

You are not doing anything wrong. They use TLS1.2 instead of 1.3 and somehow the cipher they use is not compatible with 1.2 I suspect. Browsers tend to ignore these issues. Depending on your local setup, it might/might not work.

If you try this on the command line, you will receive the same error:

echo | openssl s_client -servername klanten.bizzsms.nl -connect klanten.bizzsms.nl:443
...
verify return:1
58703D987F000000:error:0A000172:SSL routines:tls12_check_peer_sigalg:wrong signature type:ssl/t1_lib.c:1572:

Forcing the tls version (as the browser indicated):

echo | openssl s_client -tls1_2 -servername klanten.bizzsms.nl -connect klanten.bizzsms.nl:443

No errors.

I don't think there is an option available to add ciphers/force the TLS version in the http request node. Instead, you could use an exec node that performs a curl, like:

curl --tlsv1.2  "https://klanten.bizzsms.nl/api/send?username=SOMEUSER&code=TEST&text=TESTNODERED&phonenumbers=0032123456&sendertitle=TITLE"


I think there is a way to set this up in an openssl config file, but I never tried this.
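
Added example, not part of the original posts: in a plain Node.js script, the protocol pin that `openssl s_client -tls1_2` applies can be set per request with Node's `minVersion`/`maxVersion` TLS options, and the error text quoted in this thread can be decoded to confirm it is the signature-algorithm failure. The helper names (`parseOpensslError`, `isSigalgMismatch`, `tls12Options`, `getWithTls12Cap`) are hypothetical; the numeric meanings assume OpenSSL 3 error-code packing.

```javascript
// Added example (not from the thread); helper names are hypothetical.
const https = require('node:https');

// Error text exactly as quoted in the thread.
const SAMPLE = 'write EPROTO 3801D2F14F7F0000:error:0A000172:SSL routines:' +
  'tls12_check_peer_sigalg:wrong signature type:ssl/t1_lib.c:1572:';

// Split an OpenSSL 3 error-queue line into fields and unpack the code:
// bits 23..30 hold the library number, the low 23 bits the reason number.
function parseOpensslError(message) {
  const m = /([0-9A-F]+):error:([0-9A-F]{8}):([^:]*):([^:]*):([^:]*):([^:]+):(\d+):/i
    .exec(message);
  if (!m) return null;
  const code = parseInt(m[2], 16);
  return {
    code: m[2].toUpperCase(),
    lib: (code >>> 23) & 0xff,   // 20 = SSL library
    reason: code & 0x7fffff,     // 370 = "wrong signature type"
    libName: m[3], func: m[4], reasonText: m[5],
    file: m[6], line: Number(m[7]),
  };
}

// True for the failure in this thread: the peer's signature algorithm was
// rejected during the handshake, unlike DNS, routing or certificate errors.
function isSigalgMismatch(err) {
  const e = parseOpensslError(String((err && err.message) || err));
  return !!e && e.lib === 20 && e.reason === 370;
}

// Request options with the version pin scoped to this one request, so other
// connections made by the same process still negotiate TLS 1.3.
function tls12Options(url) {
  const u = new URL(url);
  if (u.protocol !== 'https:') throw new Error('refusing non-HTTPS URL');
  return { host: u.hostname, port: u.port || 443, path: u.pathname + u.search,
           servername: u.hostname, minVersion: 'TLSv1.2', maxVersion: 'TLSv1.2' };
}

// Performs the GET; certificate verification stays at Node's default (enabled).
function getWithTls12Cap(url) {
  return new Promise((resolve, reject) => {
    https.get(tls12Options(url), (res) => {
      let body = '';
      res.setEncoding('utf8');
      res.on('data', (chunk) => { body += chunk; });
      res.on('end', () => resolve({ status: res.statusCode, body }));
    }).on('error', reject);
  });
}
```

Nothing is sent until `getWithTls12Cap(url)` is called; the parsing helpers work offline on a logged error string.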

That works! Thanks for the workaround!
