跨域请求的间歇性 ERR_SSL_PROTOCOL_ERROR 错误

Question

The users of my website are seeing intermittent ERR_SSL_PROTOCOL_ERROR when making cross domain requests to api.flickr.com

By intermittent I mean that I've seen this happen 4 times out of ~1200 requests to the api yesterday.

Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR     https://api.flickr.com/services/rest/?method=flickr.photos.getInfo&api_key=.....

My site is and AngularJS application running on Google App Engine and is exclusivley avalable on HTTPS.

sslchecker shows that my site's certificate & certificate chain is installed correctly. Well, I think it looks ok!

sslchecker for api.flickr.com shows that ROOT 1 of the certificate chain is missing. Is that the problem? Is there any way around that for me?

Any other ideas? Is the problem that our certificates are issues by different authorities maybe?

Edit - Some other possibly relevant info gleaned from google analytics

• Have seen it happen for different OSes - Android, iOS, Windows
• Different browsers - Android, Chrome, Safari
• Different Network Domains

Answer 1

Persistent SSL Protocol Errors may be caused by problems like

• the destination server expects a different protocol (eg SSLv1, SSLv2, SSLv3)

• a violation of a security policy (eg some servers don't honor certificate requests made from client)

• Firewall impedance filtering / ciphering

---

Intermittent SSL Protocol Errors are very hard to diagnose. They can be the result of expired session, expired key, connectivity hiccup, lost packets, etc

Even worse, they can be caused by Server Side issues like date-time sync, server connection pool full, etc.

Best practice is to re-send the request: because such issues are often a temporary glitch, and usually succeed at 2nd attempt.

---

Flickr switched their API to SSL-only on June 27th, 2014 (a little under a year). Their Forum has blown up with SSL related problems since then.

In the past few months many users have reported ( check thread ) sporadic SSL Protocol Errors .

These Protocol Errors appear across all device types ( laptops, desktops, mobile, Linux, Windows , etc) and usually an immediate re-try is successful. The commonality and highly infrequent nature of these problems indicates there is some issue on the host side completely unrelated to anything on the client.

Since a re-fresh or 2nd attempt is usually successful, I suggest trapping the error, and making 1-3 more attempts:

var promise = flickrService.get(...);

promise.success(function (data, status, headers, config) {
        // Big Party
    })
    .error(function(data, status, headers, config) {
        if (status == 107) {
            promise = flickrService.get(...);

            promise.success(function (data, status, headers, config) {
                    // Big Party
                })
                .error(function (data, status, headers, config) {
                    AlertService.RaiseErrorAlert("Flickr temporarily unavailable.Please try again later");
                });
        }
    });

If you continue to get a "Protocol Error" , then inform the user that Flickr is temporarily unavailable and to try again later.

Answer 2

if you run into this error and you are testing localhost endpoint just make sure you use http instead of https as your url.

eg: http://localhost:8080/ not https://localhost:8080/

Answer 3

This might be the answer, but i'm guessing that this is probably not a client issue, so i would suggest you to update your api's server with that line added in the header :

Access-Control-Allow-Origin: https://api.flickr.com/*

This should fix the troubles some of your users are facing.