6 months ago
I'm encountering an SSL-related issue when running my application on Railway. The issue started two days ago without any changes on my side. Locally, everything works fine using the same Node.js version (20.x) and the same environment variables.
Error: write EPROTO 802CA8327C7F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:ssl/statem/statem_clnt.c:2314:
I have verified the following:
Node.js version: Upgraded to v20.x on both local and Railway environments.
Environment variables: Confirmed they are identical between local and production.
No recent changes: The same codebase worked on Railway until two days ago.
I suspect this might be related to SSL/TLS settings on the Railway environment or some incompatibility introduced by recent updates. Locally, the connection works perfectly, and the SSL handshake succeeds.
Steps to reproduce:
Deploy the application on Railway.
Attempt a SOAP request to AFIP (the external API - the Federal Administration of Public Revenue in Argentina).
The request fails with the aforementioned SSL error.
Thanks in advance for your assistance!
16 Replies
6 months ago
Hello!
> Attempt a SOAP request to AFIP (the external API - the Federal Administration of Public Revenue in Argentina).
Can you provide a public URL for us to test so that we can attempt to reproduce this issue?
Status changed to Awaiting User Response Railway • 6 months ago
6 months ago
Hello,
Unfortunately, it’s not possible to provide a public URL for testing because the issue occurs exclusively in the production environment using real tokens and private keys. I switched to another library for interacting with AFIP to issue invoices, but the problem persists. Locally, everything works fine, but once deployed to the server, I encounter the same error and cannot get a response from AFIP.
For reference, I am using this simple library. Initially, it validates an authorization token (TA):
https://github.com/egnuez/afipjs/blob/master/doc/wsaa.md
Once the TA is validated, the invoice is generated:
https://github.com/egnuez/afipjs/blob/master/doc/wsfev1.md
However, I suspect the process doesn’t even reach the TA validation step.
Could there have been any changes to the servers or SSL/TLS configurations since Thursday that might affect the handshake?
Thank you for your assistance!
Status changed to Awaiting Railway Response Railway • 6 months ago
brody
Hello!> Attempt a SOAP request to AFIP (the external API - the Federal Administration of Public Revenue in Argentina).Can you provide a public URL for us to test so that we can attempt to reproduce this issue?
6 months ago
sorry, I didn´t reply it correctly.
https://help.railway.com/questions/persistent-ssl-error-on-production-envir-dd91e8b1#aqw9
maxpell77
sorry, I didn´t reply it correctly.https://help.railway.com/questions/persistent-ssl-error-on-production-envir-dd91e8b1#aqw9
6 months ago
this is the error log
Error: write EPROTO 80DC1723F97F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:ssl/statem/statem_clnt.c:2314:
at WriteWrap.onWriteComplete [as oncomplete] (node:internal/stream_base_commons:95:16)
errno: -71,
code: 'EPROTO',
syscall: 'write'
}
6 months ago
For what it's worth, we are the only two people here, replying to an individual message doesn't send me a louder notification or anything, so there's no need.
I've staged a change to rollback your Nixpacks version, please click Deploy at your earliest convince and then let me know if you are still seeing the errors.
Status changed to Awaiting User Response Railway • 6 months ago
brody
For what it's worth, we are the only two people here, replying to an individual message doesn't send me a louder notification or anything, so there's no need.I've staged a change to rollback your Nixpacks version, please click Deploy at your earliest convince and then let me know if you are still seeing the errors.
6 months ago
Sorry, that wasn’t my intention. I realized I hadn’t replied to your message and thought maybe you didn’t get the corresponding notification. I tried to delete my comment but couldn’t, so I added the link instead. It wasn’t meant to bother you, just a misunderstanding on my part.
Thank you for the solution! It’s working perfectly now (finally, I’ll be able to sleep tonight, haha). I also ditched the library and did everything manually, just to be safe.
Best regards!
Status changed to Awaiting Railway Response Railway • 6 months ago
6 months ago
Not bothered at all, just wanted to convey that replies are purely graphically and make no functional different for two people conversations 
But happy I was able to find a solution for you!
Status changed to Awaiting User Response Railway • 6 months ago
Status changed to Solved brody • 6 months ago
Status changed to Awaiting Railway Response maxpell77 • 6 months ago
brody
Not bothered at all, just wanted to convey that replies are purely graphically and make no functional different for two people conversationsBut happy I was able to find a solution for you!
6 months ago
Thanks for clarifying! And sorry, just one last request. The service you fixed is one I use for testing. Could you roll back the Nixpacks version for this other service as well? Or is that something I can do myself? I’m not entirely sure how to specify it—would the address help? It’s garage-production.up.railway.app.
Thanks again!
6 months ago
Yep this is something you can 100% do yourself, check out your activity feed in order to see what I did, and then you can apply the same fix to any service you'd like.
Status changed to Awaiting User Response Railway • 6 months ago
6 months ago
Thanks for letting me know! Sorry, I honestly have no idea where to find my activity feed. I don’t have much experience with server options. Could you point me in the right direction or let me know how to access it?
Status changed to Awaiting Railway Response Railway • 6 months ago
6 months ago
This thing, perhaps you have it collapsed in your project?
Attachments
Status changed to Awaiting User Response Railway • 6 months ago
6 months ago
mm, that’s strange. Sorry, but I can’t seem to find it. I don’t see the activity section anywhere. The one that’s working fine now is the service on the right (but it’s just an online test). I’m not sure how to do the Nixpacks version rollback for the real one (the one on the left).
Thanks for your patience!
Attachments
Status changed to Awaiting Railway Response Railway • 6 months ago
6 months ago
I think you’re referring to the Build Logs? I’m really not sure how I can roll back the Nixpacks version for the service garage-production.up.railway.app, like you did for the other test service. Could you please help? I don’t want to touch anything without knowing and make things worse. They’re unable to issue invoices from my application right now.
Thank you so much, and sorry for the trouble!
Status changed to Awaiting User Response Railway • 6 months ago
brody
Close the service card first, then you can see your activity log.
6 months ago
Ah! I see it now, I had never noticed it before. I’ve already added that variable, and it’s working perfectly now. Thank you so much, and I’m really sorry for the trouble!
Status changed to Awaiting Railway Response Railway • 6 months ago
6 months ago
No trouble at all, would have done it for you, but I haven't been at the work computer for the past several hours.
Status changed to Awaiting User Response Railway • 6 months ago
Status changed to Solved brody • 6 months ago