Level 29
Its a known issue. Check these links, It contains useful information on this.
Mar 25, 2024
5
Level 1
Laravel Reverb + SSL + Ubuntu problem
Hello, I have a problem with reverb, I try many configuration but nothing work : Have reverb + ssl cert (letsencrypt, same as the website).
Wss is ok on the website, no problem, and it receive push event. But event are spamming the error log with :
cURL error 56: OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
Job fails and retry 3 time (so triple event on the web), fixed it by limit tries to 1, job fail but event is pushed. Tried many configuration in client_options but nothing work. Maybe related to curl limited in 7.81.0. So have to wait the next LTS version of ubuntu to upgrade curl.
- PHP version : 8.3.4 (ondrej ppa)
- libcurl 7.81.0 (cant upgrade)
- Ubuntu 22.04 LTS up to date
- Apache 2.4 latest
No workaround possible ? Is it possible to use wss + http or socket because Reverb is on the same server so https is useless (and have to use veryfypeer=>false) or it fail to send event to reverb. I can use apache SSL proxy to use ws. But I prefer using wss directly. Can catch the error and ignore it but not very good ! Any php 8.3 with a newer libcurl maybe ? No problem with soketi so I stay with soketi. Any good curl config to fix ?
Level 1
@gych thank you buy no solution here, already read these links, solution for nginx, or upgrade, buy my ubuntu is already upgraded. Reverb is a php server based on react php, and the client is a php cli process (laravel job with pushed php client). Not possible to upgrade libcurl. Maybe wait ubuntu 24.04 in a month with newer libcurl and fix. But now there isnt any solution. Have a gentoo server with libcurl 8.6, no problem, so libcurl problem, but impossible to upgrade on ubuntu. Any config maybe to temp fix this ?
1 like
Level 29
@neoteknic Are you using Ubuntu Focal?
Check this link it contains a potential solution but I can't confirm if this will work https://serverprobs.com/unexpected-eof-while-reading-same-server/
I've also seen that you could enable this option SSL_OP_IGNORE_UNEXPECTED_EOF https://www.openssl.org/docs/man3.0/man3/SSL_set_options.html
But by enabling this without protection your server is vulnerable for Truncation Attacks as stated in the docs
You should only enable this option if the protocol running over TLS can detect a truncation attack itself, and that the application is checking for that truncation attack.
Level 1
@gych I use jammy (22.04 LTS) , it's in my first post. So can't "easy" update libcurl. Already tried with : CURLOPT_SSLVERSION = CURL_SSLVERSION_TLSv1_2, CURLOPT_SSL_CIPHER_LIST = 'AES256+EECDH:AES256+EDH in reverb guzzle client option, but don"t fix Didn't find any way to use this options [ssl_default_sect] Options = SSL_OP_IGNORE_UNEXPECTED_EOF dont work in openssl.cnf Reverb is just not compat with ubuntu because of openssl+curl outdated bug. I will wait the next LTS in a month to use reverb.
2 likes
Level 1
Is there any update on this issue? I'm also facing the same problem
1 like
Please or to participate in this conversation.