Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure requests to http://*.amazonaws.com:443 #2076

Closed
filipre opened this issue Jun 6, 2018 · 2 comments
Closed

Configure requests to http://*.amazonaws.com:443 #2076

filipre opened this issue Jun 6, 2018 · 2 comments
Labels
third-party This issue is related to third-party libraries or applications.

Comments

@filipre
Copy link

filipre commented Jun 6, 2018

Hi!

In our server setup we are using "Istio Side Car Injections" which take care of TLS throughout all our deployed applications. As a consequence, all our requests have to be made using HTTP and not HTTPS.
I am wondering, if there is a way to configure the aws-sdk to make request not to https://*.amazonaws.com but http://*.amazonaws.com:443. Notice that the protocol is http but the port is still 443.

I tried to use sslEnabled: false for each Amazon request as well as globally in the AWS object (using AWS.config.update [1]), but this seems not to solve my problem. I also noticed that you can specify a proxy server but I don't want to proxy my requests through a different server but simply change the protocol and port (and nothing else). I also experimented a bit with an http agent but could not come up with a solution.

This is my current error when I try to use sslEnabled: false only. The unknown protocol indicates that there are still requests using https.

{ Error: write EPROTO 140423368517440:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

    at WriteWrap.afterWrite [as oncomplete] (net.js:844:14)
  message: 'write EPROTO 140423368517440:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:\n',
  errno: 'EPROTO',
  code: 'NetworkingError',
  syscall: 'write',
  region: 'us-east-1',
  hostname: 'sts.amazonaws.com',
  retryable: true,
  time: 2018-06-06T11:42:24.536Z } 'Error: write EPROTO 140423368517440:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:\n\n    at WriteWrap.afterWrite [as oncomplete] (net.js:844:14)'

I hope my question makes sense for you. Is there a simple way to solve this?

Greetings
René

Related Issues

#1640, #862,

Node and SDK Version

  • aws-sdk: 2.215.1
  • Node Version: 9.11.1

References

[1] AWS.config.update

AWS.config.update({
   sslEnabled: false,
});
@filipre filipre changed the title Route requests to http://*.amazon.com:443 Change requests to http://*.amazonaws.com:443 Jun 6, 2018
@filipre filipre changed the title Change requests to http://*.amazonaws.com:443 Configure requests to http://*.amazonaws.com:443 Jun 10, 2018
@filipre
Copy link
Author

filipre commented Jun 12, 2018

For anyone having the same issue: It seems like Istio 0.8 introduced a new resource type ServiceEntry that can enable https for defined hostnames.

@filipre filipre closed this as completed Jun 12, 2018
@srchase srchase added third-party This issue is related to third-party libraries or applications. and removed third-party labels Jan 4, 2019
@lock
Copy link

lock bot commented Sep 28, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@lock lock bot locked as resolved and limited conversation to collaborators Sep 28, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
third-party This issue is related to third-party libraries or applications.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@srchase @filipre