Hey there, let's break down this tricky intermittent SSL error you're facing. That SSL alert number 10 corresponds to an unexpected_message error, meaning the SSL handshake process received a message that didn't fit the expected sequence. Since you've tried every major Node.js HTTP library and multiple Node versions with the same result, the issue is likely tied to either the target server's SSL setup, network instability, or specific SSL configuration quirks in your client.

Here are actionable steps to diagnose and fix this:

1. Validate the Target Server's SSL Consistency #

Since the error hits only sometimes, it’s possible the server is load-balanced across instances with mismatched SSL configurations (e.g., some using outdated protocols, others using modern ones).

• Run repeated SSL checks with openssl s_client -connect your-target-domain:443 — do this 5-10 times to see if you get varying results (different cipher suites, protocol versions, or handshake failures). This will tell you if the server itself has inconsistent behavior.

2. Force Stable TLS Versions in Your Client #

Node.js might be negotiating a protocol version that the server occasionally rejects. Try locking your client to modern, widely supported TLS versions to reduce handshake mismatches:

Example with Axios: #

const axios = require('axios');
const https = require('https');

const secureAgent = new https.Agent({
  rejectUnauthorized: true, // Keep this enabled unless testing internal, untrusted servers
  minVersion: 'TLSv1.2',
  maxVersion: 'TLSv1.3'
});

axios.get('https://your-target-endpoint', { httpsAgent: secureAgent })
  .then(res => console.log(res.data))
  .catch(err => console.error(err));

Example with request-promise: #

const rp = require('request-promise');

rp({
  uri: 'https://your-target-endpoint',
  agentOptions: {
    minVersion: 'TLSv1.2',
    maxVersion: 'TLSv1.3'
  }
})
.then(data => console.log(data))
.catch(err => console.error(err));

3. Disable SSL Session Resumption (Temporary Test) #

Intermittent errors can sometimes stem from broken SSL session resumption. Try disabling it to rule out this possibility:

// For Axios/https native module
const secureAgent = new https.Agent({
  sessionTimeout: 0, // Turns off session resumption
  minVersion: 'TLSv1.2'
});

4. Rule Out Network Interruptions #

Since the error is intermittent, network glitches (packet loss, proxy interference, firewall rules) could be the culprit.

• Test your request from a different network (e.g., home vs. office) to eliminate local network issues.
• If you’re using a proxy, bypass it temporarily to see if the error goes away.

5. Upgrade to a Supported Node.js Version #

While you’ve tested 10.x and 12.x, these versions are end-of-life and run outdated OpenSSL libraries. Upgrading to a supported LTS version (like 16.x or 18.x) brings newer, more stable SSL implementations that might resolve handshake bugs present in older releases.

6. Log Detailed SSL Handshake Data #

Enable verbose SSL logging in Node.js to get granular context about when the handshake fails:

NODE_DEBUG=https node your-request-script.js

This will output step-by-step logs of the SSL handshake, which can help you pinpoint exactly where the unexpected message is being thrown (e.g., during certificate exchange, key exchange, etc.).

If none of these steps fix the issue, it’s worth reaching out to the maintainers of the target API to check if they’re aware of intermittent SSL handshake issues on their end. Intermittent errors like this often point to server-side instability or load balancer misconfigurations.

内容的提问来源于stack exchange，提问作者Akash Rangari