getting "ECONNRESET" when using SSL

Question

getting "ECONNRESET" when using SSL

declan782 opened this issue 2 years ago · comments

hi there,

I'm connecting a RabbitMQ cluster behind a load balancer with amqplib:

var connectObj = {
  protocol: 'amqps',
  hostname: '<hostname>',
  port: 5671,
  username: '<username>',
  password: '<password>',
  vhost: '<vhost>',
};
var opts = {ca:[fs.readFileSync("cacerts.pem")]};// the PEM contains several server certs. 
amqp.connect(connectObj,opts).then(function(conn) {
  process.once('SIGINT', function() { conn.close(); });
  return conn.createChannel().then(function(ch) {
    var ok = ch.assertQueue('test', {durable: false});
    ok = ok.then(function(_qok) {
      return ch.consume('hello', function(msg) {
        console.log(" [x] Received '%s'", msg.content.toString());
      }, {noAck: true});
    });

    return ok.then(function(_consumeOk) {
      console.log(' [*] Waiting for messages. To exit press CTRL+C');
    });
  });
}).catch(console.warn);

but keep getting below error:

Error: read ECONNRESET
    at TLSWrap.onStreamRead (node:internal/stream_base_commons:217:20) {
  errno: -4077,
  code: 'ECONNRESET',
  syscall: 'read'
}

or

Error: write ECONNRESET
    at WriteWrap.onWriteComplete [as oncomplete] (node:internal/stream_base_commons:94:16)
    at handleWriteReq (node:internal/stream_base_commons:61:21)
    at writeGeneric (node:internal/stream_base_commons:149:15)
    at Socket._writeGeneric (node:net:917:11)
    at Socket._write (node:net:929:8)
    at writeOrBuffer (node:internal/streams/writable:392:12)
    at _write (node:internal/streams/writable:333:10)
    at Writable.write (node:internal/streams/writable:337:10)

any help is appreciated.

declan782 · Answer 1 · Mon Nov 21 2022 17:15:12 GMT+0800 (China Standard Time)

and I used below command to verify the SSL:

openssl s_client -CAfile cacerts.pem -connect <hostname>:5671

I can find the result is:

Verify return code: 0 (ok)

Stephen Cresswell · Answer 2 · Mon Nov 21 2022 17:26:14 GMT+0800 (China Standard Time)

Hi @declan782,

ECONNRESET indicates that the connection was closed by a peer, which could be the RabbitMQ server or your load balancer.

Have you checked the RabbitMQ / Load balancer logs (increasing the logging level if there's nothing useful)?
At what point does the error occur - after a successful connection, or after your script has received the SIGINT?

Stephen Cresswell · Answer 3 · Mon Nov 21 2022 17:28:57 GMT+0800 (China Standard Time)

Also worth checking previous issues if you haven't done so already.

declan782 · Answer 4 · Mon Nov 21 2022 17:44:10 GMT+0800 (China Standard Time)

hi @cressie176 ,
Thanks for your reply.
The error occors when the script is started, NOT after a successful connection.

btw, we have another app, which is written in Java, it's ok to connect with SSL.

Stephen Cresswell · Answer 5 · Mon Nov 21 2022 18:26:16 GMT+0800 (China Standard Time)

I have a working example using docker-compose. Maybe it will help.

declan782 · Answer 6 · Thu Nov 24 2022 11:22:03 GMT+0800 (China Standard Time)

The issue is resolved after upgrading amqplib from 0.5.5 to 0.10.3. NODE version is 16.16.0.
if only newer versions can support SSL, appreciate if it can be stated it out in the guide. Thanks.

Stephen Cresswell · Answer 7 · Fri Nov 25 2022 04:29:20 GMT+0800 (China Standard Time)

Thanks for updating @declan782,

I found the following in the changelog for v0.8.0

Use hostname as TLS servername, to help with using servers behind load balancers (#567, thanks to @carlhoerberg and commenters)

I suspect this may have been what caused the problems in your case