Issue Summary:
I am experiencing a TLS handshake failure when attempting to access my API Gateway endpoint.
The error occurs during the TLS handshake phase, specifically returning a "LibreSSL SSL_connect: SSL_ERROR_SYSCALL" error message.
This issue is preventing clients from successfully connecting to the API.
I can't find out what causes this. The API endpoint (Lambda) could work 100 times, but then suddenly stop working for a few minutes.
It happens locally and also in production (it works most of the time but suddenly stops working, then after a few seconds works again).
Services Used:
1. REST API + AWS SSL cert
2. AWS Lambda
3. Amazon RDS (though the issue seems to occur before reaching the Lambda function or the database)
4. RDS and Lambda are in a VPC
Error Encountered:
When using curl to make a request to my API Gateway endpoint (https://api.exmple.com/call),
I receive the following output, indicating a failure during the TLS handshake:
- Trying 55.444.33.444:443...
- Connected to api.exmple.com (55.444.33.444) port 443 (#0)
- ALPN: offers h2,http/1.1
- (304) (OUT), TLS handshake, Client hello (1):
- CAfile: /etc/ssl/cert.pem
- CApath: none
- LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.exmple.com:443
- Closing connection 0
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.exmple.com:443
[ When it works, it looks like this: ]
- Connected to api.exmple.com (54.155.198.118) port 443
- ALPN: curl offers h2,http/1.1
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
- TLSv1.3 (IN), TLS handshake, Certificate (11):
- TLSv1.3 (IN), TLS handshake, CERT verify (15):
- TLSv1.3 (IN), TLS handshake, Finished (20):
- TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
- TLSv1.3 (OUT), TLS handshake, Finished (20):
- SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
In my case it failed right after the TLS handshake.
Troubleshooting Steps Taken:
1. Verified that the API Gateway is deployed and accessible via other methods (e.g., web browser, Postman) to rule out API configuration issues.
2. Checked the API Gateway custom domain name configuration and ensured that the associated SSL/TLS certificate is valid and up to date.
3. Created a new SSL cert, deleted the API Gateway and deployed it again.
4. Changed the minimum TLS version in API Gateway to TLS 1.0 (instead of 1.2).
5. Attempted to access the API from different environments and using different versions of curl to rule out client-specific issues.
6. Tried to downgrade the Node version in the Lambda function from 20 to 18.
7. Moved my domain from Cloudflare back to Route 53.
Nothing helped.
Thanks in advance!
Please select the type of API Gateway:
Thank you for your response. I just thought that maybe someone could direct me where or which things I should check. Sometimes someone else has experienced the same problem.
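
An added example, not part of the original post or any reply: a small Python parser for `curl -v` traces like the two shown in the question. For each attempt it records the remote IP, the last handshake message seen and whether the server ever replied, then counts failures per IP so intermittent errors can be tied to one address. The sample log, hostname and documentation-range IPs are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample: two `curl -v` traces in the style of the post.
# Hostname and IPs are placeholders, not values from the page.
SAMPLE = """\
* Trying 192.0.2.10:443...
* Connected to api.example.test (192.0.2.10) port 443 (#0)
* (304) (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.example.test:443
* Closing connection 0
* Trying 192.0.2.20:443...
* Connected to api.example.test (192.0.2.20) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
"""

CONNECTED = re.compile(r"Connected to \S+ \(([^)]+)\) port (\d+)")
HANDSHAKE = re.compile(r"\((IN|OUT)\), TLS handshake, ([^(]+?) \(\d+\)")
ERROR = re.compile(r"(SSL_ERROR_\w+)")

def parse_attempts(text):
    """Split a curl -v log into attempts: ip, last handshake message, outcome."""
    attempts, cur = [], None
    for line in text.splitlines():
        line = line.lstrip("*- ").strip()  # accept '*' or '-' line prefixes
        if m := CONNECTED.search(line):
            cur = {"ip": m.group(1), "last": None, "server_replied": False, "result": "incomplete"}
            attempts.append(cur)
        elif cur is None:
            continue  # nothing to attribute lines to before the first connect
        elif m := HANDSHAKE.search(line):
            cur["last"] = f"{m.group(1)} {m.group(2)}"
            cur["server_replied"] |= m.group(1) == "IN"
        elif m := ERROR.search(line):
            cur["result"] = m.group(1)
        elif line.startswith("SSL connection using"):
            cur["result"] = "ok"
    return attempts

def failures_by_ip(attempts):
    """Count ok/failed attempts per remote IP to see if failures follow one address."""
    stats = defaultdict(lambda: {"ok": 0, "failed": 0})
    for a in attempts:
        stats[a["ip"]]["ok" if a["result"] == "ok" else "failed"] += 1
    return dict(stats)
```

An attempt with `server_replied` false and `last` equal to `OUT Client hello` means the connection ended before any Server hello arrived, which is the shape of the failing trace in the question.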