Title: SSL Handshake Error (EPROTO) when using NextAuth.js getUserByEmail

[powderham]

Environment

When attempting to retrieve a user by email using the NextAuth.js library, an SSL handshake error occurs, resulting in the following error message: "EPROTO 8034597504:error:1408F10B:SSL routines:ssl3_get_record:wrong version number". This error indicates a mismatch in SSL/TLS protocol versions during the SSL handshake process.

This happens when posting to /api/auth/signin/email. It fails both as curl and in the browser

curl 'http://localhost:3000/api/auth/signin/email' --compressed -X POST -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/114.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' -H 'Accept-Language: en-GB,en;q=0.7,en-US;q=0.3' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Origin: http://localhost:3000' -H 'Connection: keep-alive' -H 'Referer: http://localhost:3000/api/auth/signin?callbackUrl=http%3A%2F%2Flocalhost%3A3000%2Flogin' -H 'Cookie: _clck=1dc75kh|2|fc0|0|1244; _clsk=1uu6abj|1685396933849|1|1|v.clarity.ms/collect; next-auth.csrf-token=1ae9b484a802bd7c5f39a909696fb2308737d81a5c6c6ba262fbab8212b653cf%7C843b11db4ab99e37164f0911c5e5e992a520f85da1e8e5241535b88e341b975b; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000%2Flogin' -H 'Upgrade-Insecure-Requests: 1' -H 'Sec-Fetch-Dest: document' -H 'Sec-Fetch-Mode: navigate' -H 'Sec-Fetch-Site: same-origin' -H 'Sec-Fetch-User: ?1' --data-raw 'csrfToken=1ae9b484a802bd7c5f39a909696fb2308737d81a5c6c6ba262fbab8212b653cf&email=email%40example.com'

System:
OS: macOS 13.1
CPU: (8) arm64 Apple M1 Pro
Memory: 57.78 MB / 32.00 GB
Shell: 5.8.1 - /bin/zsh
Binaries:
Node: 16.15.1 - ~/.nvm/versions/node/v16.15.1/bin/node
npm: 8.11.0 - ~/.nvm/versions/node/v16.15.1/bin/npm
Browsers:
Chrome: 113.0.5672.126
Firefox Developer Edition: 114.0
Safari: 16.2

I am unsure how to debug this, since it appears to be inside the internals of NextAuth.
I have previously had issues with https on the login button here which I would imagine is relevant. However now it is showing http://localhost which makes me wonder if it's picked up the wrong cookie or similar.

I can post to /api/auth/signout, and receive a 302 (since I assume no user is logged in yet).

Any suggestions on debugging greatly appreciated.

Reproduction URL

localhost

Describe the issue

Bug Description:
When attempting to retrieve a user by email using the NextAuth.js library, an SSL handshake error occurs, resulting in the following error message: "EPROTO 8034597504:error:1408F10B:SSL routines:ssl3_get_record:wrong version number". This error indicates a mismatch in SSL/TLS protocol versions during the SSL handshake process.

How to reproduce

• Configure NextAuth.js for user authentication and authorization.
  

• Implement a functionality to retrieve a user by email using the NextAuth.js getUserByEmail adapter method.
  

• Trigger the code path that invokes the getUserByEmail method.
  

• Observe the SSL handshake error being thrown with the error message mentioned above.
  

Expected behavior

Email sent via provider for login

[rakurtz]

how to solve this error?

this happens to me when using nextjs behind a reverse proxy in a selfhosted docker deployed nextjs app