<p></p>
<p dir="auto">So on Linux (Raspberry Pi) I get the following message on the terminal</p>
<p dir="auto">SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:../ssl/record/rec_layer_s3.c:1543:SSL alert number 112</p>
<p dir="auto">This leads us to</p>
<p dir="auto"><a href="https://techcommunity.microsoft.com/t5/iis-support-blog/ssl-tls-alert-protocol-and-the-alert-codes/ba-p/377132" rel="nofollow">https://techcommunity.microsoft.com/t5/iis-support-blog/ssl-tls-alert-protocol-and-the-alert-codes/ba-p/377132</a></p>
<p dir="auto">which mentions that 112 is unrecognized_name(112).</p>
<p dir="auto">When I run it through the Qualsys SSL checker</p>
<p dir="auto"><a href="https://www.ssllabs.com/ssltest/analyze.html?d=stream.data.alpaca.markets" rel="nofollow">https://www.ssllabs.com/ssltest/analyze.html?d=stream.data.alpaca.markets</a></p>
<p dir="auto">it does mention that</p>
<p dir="auto">This site works only in browsers with SNI support.</p>
<p dir="auto">so I'm guessing at the level that sslConnect is working it is not getting SNI right.</p>
<p dir="auto">=================</p>
<p dir="auto">Now the good news is that this works (again Linux on a PI)</p>
<p dir="auto">WebClient httpHead: '<a href="https://stream.data.alpaca.markets" rel="nofollow">https://stream.data.alpaca.markets</a>'</p>
<p dir="auto">returning</p>
<p dir="auto">WebResponse(HTTP/1.1 404 Not Found<br>
date: Tue, 30 Aug 2022 18:22:48 GMT<br>
content-type: text/plain; charset=utf-8<br>
content-length: 21<br>
connection: keep-alive<br>
strict-transport-security: max-age=15724800; includeSubDomains<br>
)</p>
<p dir="auto">Now we know that it should work because WebClient works, and it sounds like SNI is an issue.</p>
<p dir="auto">SecureSocketStream sslConnect just calls self sslConnectTo: nil</p>
<p dir="auto">And that leads us to the comment in sslConnectTo:</p>
<p dir="auto">"Perform the SSL client handshake. This method uses all the common SocketStream methods to adhere to the various timeout/signalling settings of SocketStream. It only installs the SSL instance after the handshake is complete. If serverName is not nil, then try to use it for SNI."</p>
<p dir="auto">So, if one modifies your code as above it seems to work</p>
<p dir="auto">stream := SecureSocketStream openConnectionToHostNamed: 'stream.data.alpaca.markets' port: 443.<br>
stream sslConnectTo: 'stream.data.alpaca.markets'.<br>
stream binary.<br>
stream halt.<br>
stream close</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/652#issuecomment-1232022044">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AIJPEW3SVN7G6E63ZOTSMPLV3ZH4BANCNFSM6AAAAAAQAJ5MPE">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AIJPEW7IAW3LWAV2BY4SXD3V3ZH4BA5CNFSM6AAAAAAQAJ5MPGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSJN4VBY.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><OpenSmalltalk/opensmalltalk-vm/issues/652/1232022044</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/652#issuecomment-1232022044",
"url": "https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/652#issuecomment-1232022044",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>