SSL issue CONNECT_CR_SRVR_HELLO on macOS

[anta40]

Consider this code:

import httpclient

var client = newHttpClient()
echo client.getContent "http://rosettacode.org/wiki/Rosetta_Code"

On macOS 15 M2, compiled with Nim 2.2.0 (installed via Homebrew):

$ nim c -d:release -d:ssl test01.nim
Hint: used config file '/opt/homebrew/Cellar/nim/2.2.2/nim/config/nim.cfg' [Conf]
Hint: used config file '/opt/homebrew/Cellar/nim/2.2.2/nim/config/config.nims' [Conf]
.........................................................................................................................................................
Hint:  [Link]
Hint: mm: orc; threads: on; opt: speed; options: -d:release
76365 lines; 0.814s; 140.973MiB peakmem; proj: /Users/andretampubolon/Codes/Nim/test01.nim; out: /Users/andretampubolon/Codes/Nim/test01 [SuccessX]
$./test01
net.nim(578)             raiseSSLError
httpclient.nim(986)      newConnection
Error: unhandled exception: error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version [SslError]

On Debian 64, compiled with Nim 2.2.0 (installed via choosenim):

$ nim c -d:release -d:ssl test01.nim
Hint: used config file '/home/anta40/.choosenim/toolchains/nim-2.2.0/config/nim.cfg' [Conf]
Hint: used config file '/home/anta40/.choosenim/toolchains/nim-2.2.0/config/config.nims' [Conf]
........................................................................................................................................................
Hint:  [Link]
Hint: mm: orc; threads: on; opt: speed; options: -d:release
75605 lines; 1.555s; 141.062MiB peakmem; proj: /home/anta40/Codes/test01.nim; out: /home/anta40/Codes/test01 [SuccessX]
$./test01
<!DOCTYPE html>
<html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-0 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-disabled skin-theme-clientpref-day vector-toc-available" lang="en" dir="ltr">
<head>
...
...
...

[metagn]

We still have protSSLv23 as the default, it may have been removed in a newer OpenSSL 3 version installed on macos 15. Try this:

import httpclient, net

var client = newHttpClient(sslContext = newContext(protTLSv1))
echo client.getContent "http://rosettacode.org/wiki/Rosetta_Code"

[anta40]

Perhaps this is specific macOS' OpenSSL issue

import httpclient, net

#var client = newHttpClient()
var client = newHttpClient(sslContext = newContext(protTLSv1))

# error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure
#echo client.getContent("http://rosettacode.org/wiki/Rosetta_Code")

# OK
#echo client.getContent("https://gcc.gnu.org")

# OK
#echo client.getContent("https://kernel.org")

# error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure
#echo client.getContent("http://amazon.com")

# OK
#echo client.getContent("http://samsung.com")

# OK
#echo client.getContent("http://quora.com")

# error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure
#echo client.getContent("https://ebay.com")

# OK
#echo client.getContent("https://edition.cnn.com")

# OK
echo client.getContent("https://www.apple.com")

All works fine on Debian, though.