External Web Requests Failing


#1

Sometime during late in the evening of the 5th of February 2020 (GMT+2), all of my pistons which were sending me notifications via my own Telegram bot have stopped working with the following error:

Error executing external web request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

These are GET requests to https://api.telegram.org/bot0000000000000:secret/sendMessage?chat_id=xxxxxxx&disable_notification=true&text=message

The url gets calculated correctly - when i copy the calculated url from the logs and manually visit in Chrome it works. The pistons have been working like this for many months - actually the last message that passed through was at 19:20 on 05/02/2020 (GMT+2).

There does not seem to be any issues with the certificate of api.telegram.org (it has been active since May18 and expires May20). I did no changes to the piston’s code, the certs seems to not have changed so I am at a loss!

Any ideas?


#2

the same error. Earlier it still runs normally

2/8/2020, 9:37:45 PM +525ms
+4ms â•”Received event [Home].test = 1581172665522 with a delay of 3ms
+62ms â•‘RunTime Analysis CS > 22ms > PS > 32ms > PE > 7ms > CE
+70ms â•‘Runtime (37552 bytes) successfully initialized in 32ms (v0.3.110.20191009) (62ms)
+73ms â•‘â•”Execution stage started
+78ms ║║Cancelling statement #5’s schedules…
+84ms â•‘â•‘Executed virtual command setVariable (1ms)
+93ms â•‘â•‘Sending external web request to: api.telegram.org/botxxxxxxxxxxxRXxWmkQI/sendMessage
+299ms â•‘â•‘Error executing external web request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
+300ms â•‘â•‘Executed virtual command httpRequest (208ms)
+303ms â•‘â•šExecution stage complete. (229ms)
+304ms â•šEvent processed successfully (304ms)


#3

Problem still ongoing… any one any ideas?


#4

Tried swapping the call to api.telegram.org to a testing website on one of my domains (SSL cert provided by LetsEncrypt) and i get the same error

so it seems to be a problem with not just Telegram (and its SSL cert provider)…


#5

I am using a POST request to my TinyCam server and it is working. Also making several GET requests to my GoogleSheets logging spreadsheets and they are working.


#6

I just noticed that my GoogleSheet logging piston is also not working:

|+685ms|â•‘â•‘Sending external web request to: https://script.google.com/macros/s/xxx/exec?
|+10721ms|â•‘â•‘Error executing external web request: java.net.SocketTimeoutException: Read timed out

PS:
I am on graph-eu01-euwest1.api.smartthings.com


#7

I have the exact same issue. Here is my log:

+70ms â•‘â•‘Sending external web request to: api.telegram.org/botxxxxxxxxxxxxxxxazXv5oxxxxxxc/sendMessage?chat_id=-xxxxxx53&text=Hello+World
+111ms â•‘â•‘Error executing external web request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

#8

I have noticed the same issue and created a topic in here describing what is the problem:

As stated on Telegram twitter page, Telegram Bot API doesn’t support TLS 1.1 anymore:

Not sure if the problem is on webcore or smartthings side, and nobody answered to my post so far.

@ady624 could you help please, as the problem starts to be noticed by more people.

I tried to add tlsVersion parameter to request parameters in “webcore piston” code but it doesn’t seems to fix the problem:

def requestParams = [
uri: “${protocol}://${userPart}${uri}”,
tlsVersion: “TLSv1.2”,
query: useQueryString ? data : null,
headers: (auth ? ((auth.startsWith(’{’) && auth.endsWith(’}’)) ? ( new groovy.json.JsonSlurper().parseText( auth ) ) : [Authorization : auth]) : [:]),
requestContentType: requestContentType,
body: !useQueryString ? data : null
]


#9

Anything new here?


#10

This does not seem to be related to TLS 1.2, at least on my SmartThings shard (graph.api.smartthings.com). Here is a piston to test which TLS version is supported. For me it shows “Your client is using TLS 1.2”

Please try making a copy of that piston to see if you are getting a different result. If so, let us know what shard you are on (the *.smartthings.com domain that you get redirected to after login at account.smartthings.com)


#11

Made a new piston from this example piston above, running the latest Webcore Beta & Webcore Piston Beta and I get an error for my own site: https:coreyswrite.com - same error I get with my other pistons we discussed in the beta test forum.

Error executing external web request: Status null raw response: java.net.ConnectException, error on response: Failed to complete. Message was: Received fatal alert: handshake_failure


#12

I am also getting the same trying to reach api.cloudradar.io/v1/ping


#13

I don’t know if this helps…

Assuming this post is still correct, I am on shard NA01 (graph.api…)

Ran a bunch of URLs starting with and editing the “doc6” piston code and got:

+0ms	â•”Received event [x].test = 1587566870947 with a delay of 0ms
+302ms	â•‘Error executing external web request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
+312ms	â•‘null
+314ms	â•šEvent processed successfully (314ms)

Changed URL to google.com:

+0ms â•”Received event [x].test = 1587567128505 with a delay of 0ms
+1077ms â•‘Google(function(){window.google={kEI:'GXXXXX9-A8',kEXPI:'31',kBL:'2amb'};google.sn='webhp';google.kHL='en';})();(function(){google.lc= !(c=a.getAttribute("eid")));)a=a.parentNode;return c google.kEI};google.getLEI=function(a){for(var c=null;a&&(!a.getAttribute !(c=a.getAttribute("leid")));)a=a.parentNode;return c};google.ml=function(){return null};google.time=function(){return Date.now()};google.log=function(a,c,b,d,g){if(b=google.logUrl(a,c,b,d,g)){a=new Image;var e=google.lc,f=google.li;e "";b -1!=c.search("&ei=") (e="&ei="+google.getEI(d),-1==c.search("&lei=")&&(d=google.getLEI(d))&&(e+="&lei="+d));d="";!b&&google.cshid&&-1==c.search("&cshid=")&&"slh"!=a&&(d="&cshid="+google.cshid);b=b "/"+(g "gen_204")+"?atyp=i&ct="+a+"&cad="+c+e+f+"&zx="+...[TRUNCATED]
+1080ms â•šEvent processed successfully (1080ms)

Changed URL to http://api.cloudradar.io/v1/ping

+0ms	â•”Received event [x].test = 1587567317647 with a delay of 1ms
+331ms	â•‘Error executing external web request: groovyx.net.http.HttpResponseException: Not Found
+340ms	â•‘null
+343ms	â•šEvent processed successfully (343ms)

Changed URL to my internal OctoPi IP 192.168.1.2

+1ms	â•”Received event [x].time = 1587567476666 with a delay of -1540ms
+143ms	â•‘[:]
+145ms	â•šEvent processed successfully (145ms)
4/22/2020, 10:57:36 AM +519ms
+0ms	â•”Received event [x].test = 1587567456518 with a delay of 0ms
+159ms	â•‘Setting up scheduled job for Wed, Apr 22 2020 @ 10:57:56 AM EDT (in 19.989s)
+168ms	â•šEvent processed successfully (168ms)

Changed URL to http://ip.jsontest.com/?callback=showMyIP which works in my browser. Also added log $response

+0ms	â•”Received event [x].test = 1587567765641 with a delay of 0ms
+229ms	â•‘Error executing external web request: groovyx.net.http.ResponseParseException: OK
+239ms	â•‘null
+245ms	â•‘null
+247ms	â•šEvent processed successfully (248ms)

Changed URL to http://worldclockapi.com/api/json/est/now , just logging $response now

+0ms	â•”Received event [x].test = 1587568238437 with a delay of 1ms
+251ms	â•‘[$id:1, currentDateTime:2020-04-22T11:10-04:00, currentFileTime:132320274386495592, dayOfTheWeek:Wednesday, isDayLightSavingsTime:true, ordinalDate:2020-113, serviceResponse:null, timeZoneName:Eastern Standard Time, utcOffset:-04:00:00]
+254ms	â•šEvent processed successfully (253ms)

Changed URL to my TinyCam server external IP http://USERNAME:[email protected]:8083/status.json

+0ms	â•”Received event [x].test = 1587568701074 with a delay of 0ms
+859ms	â•‘[available:17.8GB, backgroundMode:false, battery:100% (charged), cpuFrequencyMHz:816, cpuUsagePercentage:56, liveConnections:2, memoryFree:1.3GB, memoryUsed:261MB, motion:no, networkIn:195KB/s, networkOut:240KB/s, notifications:0, powerSafeMode:0, recorded:4MB, streamProfile:0, temperature:532, uptime:19 hour 46 min]
+862ms	â•šEvent processed successfully (862ms)

#14

I’m not clear on whether the sample piston works or does not work for you all.

We don’t have any control over networking on the ST platform, so this question is just to gather information. Which shards are you all seeing this on? Anyone else on NA01 with @kevin?

Sorry but the majority of those are http rather than https so there is no SSL handshake involved.


#15

I am on na04, made an exact copy of the sample piston “w6sx” and it suceeds with:

Your client is using TLS 1.2

My own SSL domain fails, it has a Let’s Encrypt Cert like @ant0nis mentioned.