Let me know if the previous comment on strictSSL helps here.

Unfortunately, setting strictSSL did not resolve the issue. I can confirm that I can download github components through bower - so I'm not sure what exactly is at fault over here.

Note - I am running jspm 0.15.7

Any guidance on how to resolve this issue would be appreciated.

Are you sure you are definitely setting the proxy environment variables correctly here? Note that you should also ensure your local git commandline process is configured to use the proxy as well separately.

Yes - I've configured the git command to use the proxy as well -

git config --global http.proxy https://[corporate-proxy]
git config --global http.sslVerify false

but it still doesn't work.

FYI - cloning a repository using git works for me. Example git clone https://github.com/jspm/github.git

Can you clarify what the git command is that jspm runs and I can see if it works?

I also should mention that our proxy server uses NTLM for authentication - does the components that jspm use support that?

@MaluTom sorry for the delay and repetition in the SystemJS issue. Well done for soldiering on regardless! The command that jspm runs to access git is https://github.com/jspm/github/blob/master/github.js#L283 and https://github.com/jspm/github/blob/master/github.js#L283.

Effectively using request to query https://user:pass@github.com/repo/name and exec to run git ls-remote https://user:pass@github.com/repo/name.git refs/tags/* refs/heads/*.

The SSL error sounds like a man in the middle at your company, which is most likely prevented via strictSSL: false. I've also created jspm/jspm-cli#980 which may be useful here too.

Hi @guybedford ,

Yes it is a MITM at my company - and unfortunately the https proxy uses NTLM authentication. It seems that jspm ultimately uses tunnel-agent.js which doesn't support NTLM from what I can see -

https://github.com/mikeal/tunnel-agent/blob/master/index.js#L127

So unfortunately - I don't think I have a solution yet as using strictSSL:false doesn't seem to do it for me.

@MaluTom ok it sounds like git is working for you, but it is just request that isn't working.

Perhaps try a sample app with just:

var request = require('request');

request({
  uri: 'https://user:pass@github.com/jspm/jspm-cli',
  headers: {
    'User-Agent': 'jspm'
  },
  followRedirect: false,
  strictSSL: false
})
.on('response', function(res) {
  console.log(res.statusCode);
});

It would be interesting to see if that works for you there. If not, perhaps integrating https://github.com/request/request#proxies or other configs would help.

Also, what configurations do you set in npm to make it work properly there?

My knowledge on these proxies is very limited so knowing what we should do here would be a great help.

@guybedford - running the above code snippet returns the following -

err  Error: tunneling socket could not be established!!, cause=write EPROTO 101057795:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:openssl\ssl\s23_clnt.c:782:

         at ClientRequest.onError (c:\dev\aurelia\skeleton-navigation-0.15.1\node_modules\jspm\node_modules\jspm-github\node_modules\request\node_modules\tunnel-agent\index.js:186:17)
         at ClientRequest.g (events.js:199:16)
         at ClientRequest.emit (events.js:107:17)
         at TLSSocket.socketErrorListener (_http_client.js:271:9)
         at TLSSocket.emit (events.js:129:20)
         at onwriteError (_stream_writable.js:317:10)
         at onwrite (_stream_writable.js:335:5)
         at WritableState.onwrite (_stream_writable.js:105:5)
         at fireErrorCallbacks (net.js:456:13)
         at TLSSocket.Socket._destroy (net.js:495:3)

err  Error: socket hang up
         at createHangUpError (_http_client.js:215:15)
         at TLSSocket.socketCloseListener (_http_client.js:247:23)
         at TLSSocket.emit (events.js:129:20)
         at TCP.close (net.js:485:12)

To get npm to work by itself (that is npm install -g jspm for example) - I don't have to do anything special.

@MaluTom ok sure, what proxy config to you have in your .npmrc file?

@guybedford - here is what I have in my .npmrc (it turns out I do have a proxy set actually):

proxy=http://[http-proxy]
cache=c:\dev\npm-cache
prefix=c:\dev\npm

Note that my firm also has a separate https-proxy which doesn't seem to need to be set for npm

@MaluTom it's worth checking then if you definitely set that proxy correctly via an environment variable.

For example, in the test script this would be via:

HTTP_PROXY=http://proxy.com node request-test.js

@guybedford -
Results of my test:

1. With no HTTP_PROXY variable set -

Error: connect ETIMEDOUT
    at exports._errnoException (util.js:746:11)
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1010:19)

2.With HTTP_PROXY variable set -

Error: tunneling socket could not be established!!, cause=Parse Error

3.With HTTPS_PROXY variable set -

Error: tunneling socket could not be established!!, cause=write EPROTO 101057795
:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:openssl\ssl
\s23_clnt.c:782:

I believe that npm just needs a http_proxy which is why it works. However, jspm uses github via https and requires an https proxy. My firm's HTTPS_PROXY uses NTLM authentication which, from my very limited knowledge, the request package doesn't support. I wish I knew how/where to start to fix this myself but I'm very willing to test any fixes/other ideas you may have

Same issue here, behind corporate proxy. Configs and environment variables set properly. Variations of strictSSL and registry endpoints didn't work. Git, bower, and npm all work.

Error on download for github:systemjs/systemjs
     Error: tunneling socket could not be established, cause=write EPROTO 140735192249088:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:782

It does sound like this is exactly the NLTM auth issue then again. Any tips on how to setup a test environment for such a thing would be welcome as I don't have access to such a corporate proxy here unfortunately.

I seem to be having this issue too. Interestingly, I didn't have the issue a month or so ago, so I'm not sure if the same thing is causing it. I guess something could've been changed on the proxy, but I've never had to use my credentials to use it, so I'm assuming it's been using NTLM auth. As for creating a test environment, I'm not sure, but I'd help testing if you do make some changes.

Been a few weeks with no updates, so I was wondering if anything was going on pertaining to this. It's making it impossible for me to use jspm, so I'm kind of antsy about it.

@Ixonal all requests in jspm are made in two ways - either calling out to git execution or using request. If both https://github.com/request/request or git clone https://github.com/some/repo work for you then jspm will work for you. If there are configs in either of these projects that we can better support through jspm I can certainly look into it, but there is no active work being done here as I'm really not sure what else can be done?

hmmmm... Odd... I ran a git clone on the request repo and it pulled it in fine, so git seems good. Jspm seems to want to use the request lib to pull it in still, though. If I understand correctly, shouldn't it be deferring to a git call?

Is there a reason why, if I have Git installed and running, I would still be getting this issue?

@Ixonal you would need to set the proxy environment variables as described in https://github.com/request/request#controlling-proxy-behaviour-using-environment-variables.

I already have those vars set to valid values.

@Ixonal perhaps you need a private certificate authority to be provided? We don't currently support this feature.

Shouldn't it be using Git itself, instead of the request lib, though? As I stated earlier, git is able to pull in repos just fine.

We're moving to reducing the API expectations, but it will be a breaking change when we do as we currently support the GitHub releases API.

Hmmm.... In that case, jspm may be unusable for me until the request library supports ntlm authentication...

Thanks for bearing with, apologies there isn't more I can do about this right now.

Guess I'll head over to that repo and start prodding at them XD.

Thanks for actively supporting your users as best you can.

Thought I'd say I was able to get this working by actually deleting the HTTPS_PROXY environment variable...

i have the same problem

i set proxy in git and environment variable and its not work
what can i do to solve this problem?
my error:

warn Error on locate for github:components/jquery, retrying (1).
Error: tunneling socket could not be established, cause=write EPROTO
at ClientRequest.onError (C:\Users\lugassi\Desktop\T
unnel-agent\index.js:176:17)
at ClientRequest.g (events.js:260:16)
at emitOne (events.js:77:13)
at ClientRequest.emit (events.js:169:7)
at TLSSocket.socketErrorListener (_http_client.js:25
at emitOne (events.js:77:13)
at TLSSocket.emit (events.js:169:7)
at onwriteError (_stream_writable.js:304:10)
at onwrite (_stream_writable.js:322:5)
at WritableState.onwrite (_stream_writable.js:89:5)

i use with version 0.16.15
Any help will be blessed

If it is any help, I was getting the exact same error and stack traces until I removed the s from https:// in the value HTTPS_PROXY variable

so:

export HTTPS_PROXY="http://myproxy.com:8080"
# instead of
export HTTPS_PROXY="https://myproxy.com:8080"

i.e. somehow the internal corporate proxy itself might not be able to perform SSL communication with devices behind the proxy

Above worked like magic lol!

True that. It was extra s for me as well.

@erfangc , I also had success with your solution. Thanks!

Thanks @erfangc 👍 worked like a charm.

Thank you@erfangc

worked fine !
Big many thanks :D

@erfangc you just saved me, still works, thanks !

try to change the port to 443

Thanks @erfangc !

@erfangc Thanks you so much bro! You made my day!

hello, this is a nood question, where should i change the export HTTPS_PROXY="https://myproxy.com:8080" ?

@louis2688 Try the commands in terminal:
apm config set https-proxy http://myproxy.com:myport
apm config set http-proxy http://myproxy.com:myport
be careful, it is http:// NOT https://
Let's see if this work for you?

Thank you! This solution fixed my problems, even though I was not behind a proxy, just directly connected through my ISP (Comcast/XFinity).

The error I was getting was not exactly the same (nothing about tunneling, just "FetchError"), but same underlying cause--a failed SSL handshake. I found this bug report by searching for "SSL23_GET_SERVER_HELLO:unknown protocol" and npm. After reading it, I wondered if I set up a proxy server and set https_proxy to an http address then it might fix it. Sure enough, setting up the proxy still gave the same error with https, but changing to http fixed everything!

Glad to have the solution, but it still seems like there must have been an easier way to connect to npm via Comcast other than setting up a proxy server!

0 info it worked if it ends with ok
1 verbose cli [ '/usr/local/Cellar/node/9.6.1/bin/node',
1 verbose cli '/usr/local/bin/npm',
1 verbose cli 'install',
1 verbose cli '-g',
1 verbose cli 'browserify' ]
2 info using npm@5.6.0
3 info using node@v9.6.1
4 verbose npm-session 840f22c5a0fd3f98
5 silly install loadCurrentTree
6 silly install readGlobalPackageData
7 silly fetchPackageMetaData error for browserify@latest request to https://registry.npmjs.org/browserify failed, reason: write EPROTO 140735487877952:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:
8 verbose type system
9 verbose stack FetchError: request to https://registry.npmjs.org/browserify failed, reason: write EPROTO 140735487877952:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:
9 verbose stack
9 verbose stack at ClientRequest.req.on.err (/usr/local/lib/node_modules/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/src/index.js:68:14)
9 verbose stack at ClientRequest.emit (events.js:127:13)
9 verbose stack at onerror (/usr/local/lib/node_modules/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/agent-base/index.js:106:9)
9 verbose stack at callbackError (/usr/local/lib/node_modules/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/agent-base/index.js:126:5)
9 verbose stack at
10 verbose cwd /Users/domino/crypto-app
11 verbose Darwin 17.4.0
12 verbose argv "/usr/local/Cellar/node/9.6.1/bin/node" "/usr/local/bin/npm" "install" "-g" "browserify"
13 verbose node v9.6.1
14 verbose npm v5.6.0
15 error code EPROTO
16 error errno EPROTO
17 error request to https://registry.npmjs.org/browserify failed, reason: write EPROTO 140735487877952:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:
18 verbose exit [ 1, true ]

Removing 's' from proxy solved the same problem on windows too :

set https_proxy=http://username:password@myproxy.com:port

i have set up my proxy but still failing to install angulerjs package.. so i m get error code E400
400 Bad Request: angular-cli@latest for which i m failing to understand how come can it be a bad request since is the only why i know...
Calling for help on the issues :)
0 info it worked if it ends with ok
1 verbose cli [ 'C:\Program Files\nodejs\node.exe',
1 verbose cli 'C:\Program Files\nodejs\node_modules\npm\bin\npm-cli.js',
1 verbose cli 'install',
1 verbose cli '-g',
1 verbose cli 'angular-cli' ]
2 info using npm@5.6.0
3 info using node@v9.4.0
4 verbose npm-session 5cd051a13c25bc02
5 silly install loadCurrentTree
6 silly install readGlobalPackageData
7 http fetch GET 400 https://registry.npmjs.org/angular-cli 117ms
8 silly fetchPackageMetaData error for angular-cli@latest 400 Bad Request: angular-cli@latest
9 verbose stack Error: 400 Bad Request: angular-cli@latest
9 verbose stack at fetch.then.res (C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\fetchers\registry\fetch.js:42:19)
9 verbose stack at tryCatcher (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\util.js:16:23)
9 verbose stack at Promise._settlePromiseFromHandler (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\promise.js:512:31)
9 verbose stack at Promise._settlePromise (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\promise.js:569:18)
9 verbose stack at Promise._settlePromise0 (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\promise.js:614:10)
9 verbose stack at Promise._settlePromises (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\promise.js:693:18)
9 verbose stack at Async._drainQueue (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\async.js:133:16)
9 verbose stack at Async._drainQueues (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\async.js:143:10)
9 verbose stack at Immediate.Async.drainQueues [as _onImmediate] (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\async.js:17:14)
9 verbose stack at runCallback (timers.js:756:18)
9 verbose stack at tryOnImmediate (timers.js:717:5)
9 verbose stack at processImmediate [as _immediateCallback] (timers.js:697:5)
10 verbose cwd C:\Users\NetshiR2
11 verbose Windows_NT 6.1.7601
12 verbose argv "C:\Program Files\nodejs\node.exe" "C:\Program Files\nodejs\node_modules\npm\bin\npm-cli.js" "install" "-g" "angular-cli"
13 verbose node v9.4.0
14 verbose npm v5.6.0
15 error code E400
16 error 400 Bad Request: angular-cli@latest
17 verbose exit [ 1, true ]

In my case, besides what erfangc said, the "https_proxy" also should be changed to "https-proxy" when config the npm environment. Then the error will be fixed...