
grpc error SSL23_GET_SERVER_HELLO

Working inside a Vagrant VM with Ubuntu 16.04...

I've previously been able to detect intents using Google's Dialogflow API, but now it throws an error inside my new VM.

Steps:

  1. Create Dialogflow project
  2. Download application credentials JSON
  3. npm i dialogflow
  4. export GOOGLE_APPLICATION_CREDENTIALS=/path/to/creds.json

    node -e '
    // No credentials are passed here; the client is expected to pick them up
    // from GOOGLE_APPLICATION_CREDENTIALS (step 4).
    const { SessionsClient } = require("dialogflow");
    const sessionsClient = new SessionsClient();
    const sessionName = sessionsClient.sessionPath("df-project-id", "session-id");
    const request = {
      session: sessionName,
      queryInput: { text: { text: "Hello" } },
    };
    // Judging by the request dump further down, the OAuth token fetch goes out
    // first, so a TLS or proxy fault is reported as an auth error.
    sessionsClient
      .detectIntent(request)
      .then((response) => console.log(response), (error) => console.error(error));'
    

Error:

Auth error:Error: write EPROTO 140436597872448:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827

Debugging:

Certificates are in their default location /etc/ssl/certs/ca-certificates.crt and I know that NodeJS is using them because NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt ${df test above} says:

(node:4067) Warning: Ignoring extra certs from '/etc/ssl/certs/ca-certificates.crt', load failed: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table

I see that the request is also using the authenticated proxy declared in environment variables:

http_proxy=http://user:pass@proxy:port
HTTP_PROXY=http://user:pass@proxy:port
https_proxy=http://user:pass@proxy:port
HTTPS_PROXY=http://user:pass@proxy:port

Request (the Proxy-Authorization value is redacted; a Basic value is base64-encoded user:pass, not a hash):

{
  "pathname": "https://www.googleapis.com/oauth2/v4/token",
  "nativeProtocols": {
    "http:": {
      "METHODS": [...],
      "STATUS_CODES": {...},
      "globalAgent": {
        "domain": {
          "domain": null,
          "_events": {},
          "_eventsCount": 1,
          "members": []
        },
        "_events": {},
        "_eventsCount": 1,
        "defaultPort": 80,
        "protocol": "http:",
        "options": {
          "path": null
        },
        "requests": {},
        "sockets": {},
        "freeSockets": {},
        "keepAliveMsecs": 1000,
        "keepAlive": false,
        "maxSockets": null,
        "maxFreeSockets": 256
      }
    },
    "https:": {
      "globalAgent": {
        "domain": {
          "domain": null,
          "_events": {},
          "_eventsCount": 1,
          "members": []
        },
        "_events": {},
        "_eventsCount": 1,
        "defaultPort": 443,
        "protocol": "https:",
        "options": {
          "path": null
        },
        "requests": {},
        "sockets": {},
        "freeSockets": {},
        "keepAliveMsecs": 1000,
        "keepAlive": false,
        "maxSockets": null,
        "maxFreeSockets": 256,
        "maxCachedSessions": 100,
        "_sessionCache": {
          "map": {},
          "list": []
        }
      }
    }
  },
  "host": "proxy.*.com",
  "port": "8080",
  "hostname": "proxy.*.com",
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Content-Type": "application/x-www-form-urlencoded",
    "User-Agent": "axios/0.18.0",
    "Content-Length": 734,
    "host": "www.googleapis.com",
    "Proxy-Authorization": "Basic *hash*"
  },
  "method": "post",
  "path": "https://www.googleapis.com/oauth2/v4/token",
  "maxBodyLength": 10485760,
  "maxRedirects": 21,
  "protocol": "https:",
  "_defaultAgent": {
    "domain": {
      "domain": null,
      "_events": {},
      "_eventsCount": 1,
      "members": []
    },
    "_events": {},
    "_eventsCount": 1,
    "defaultPort": 443,
    "protocol": "https:",
    "options": {
      "path": null
    },
    "requests": {},
    "sockets": {},
    "freeSockets": {},
    "keepAliveMsecs": 1000,
    "keepAlive": false,
    "maxSockets": null,
    "maxFreeSockets": 256,
    "maxCachedSessions": 100,
    "_sessionCache": {
      "map": {},
      "list": []
    }
  }
}


Answers (1)


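The security team had blocked the googleapis.com domain without any notice, and I was misled into believing the issue was caused by a misconfiguration of my new Vagrant VM. The "unknown protocol" part of the error means the client did not get a recognisable TLS ServerHello back, which fits a connection that is blocked or answered by something other than the real server rather than a CA-certificate problem on the VM.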
