Hi, I’m developing some tools using Gemini Live and Gemini Flash models in C++.
For Gemini Live, we’re using WebSocket++.
For Gemini Flash, we’ve implemented our own HTTP client session using Asio (Boost-less) and OpenSSL directly.
However, we’re occasionally experiencing TLS handshake failures that persist for a long time — on the same device.
Sometimes it successfully connects after 1 or 2 minutes, but at other times it keeps failing for up to 20 minutes. Eventually, the issue disappears without any clear reason.
Here’s the code snippet we use for establishing WebSocket connections in Gemini Live:
```cpp
websocket_client = std::make_shared<client>();
websocket_client->clear_access_channels(websocketpp::log::alevel::all);
websocket_client->clear_error_channels(websocketpp::log::elevel::all);
websocket_client->init_asio();
websocket_client->set_tls_init_handler([this](websocketpp::connection_hdl) {
    auto ctx = websocketpp::lib::make_shared<asio::ssl::context>(asio::ssl::context::tlsv12);
    return ctx;
});
```
Actual Response:
```cpp
void GeminiLiveClientWorker::OnFailed( websocketpp::connection_hdl hdl )
{
    client::connection_ptr con = websocket_client->get_con_from_hdl( hdl );
    spdlog::error( "[GEMINI_LIVE] connection failed: {}", con->get_ec().message() );
    Disconnect();
}
```

```
[GEMINI_LIVE] connection failed: TLS handshake failed
```
For Gemini Flash (our custom HTTP client), here’s our TLS initialization code:
```cpp
SSL_CTX_set_min_proto_version(m_sslContext->native_handle(), TLS1_2_VERSION);
SSL_CTX_set_max_proto_version(m_sslContext->native_handle(), TLS1_3_VERSION);
m_sslContext->set_options(asio::ssl::context::default_workarounds);
applyProtocolNegotiation();
initializeRootCertificates();
m_sslContext->set_verify_mode(ssl::verify_peer);
m_sslContext->set_verify_callback(asio::ssl::rfc2818_verification(m_addr.c_str()));
m_sslSocket = std::make_shared<ssl_socket>(*ioSvc, *m_sslContext);
if (!m_sslSocket)
    return;
DEBUG_LOG("[SSL] init ssl %s, this=%p, resolver=%p, socket=%p, context=%p",
          m_addr.c_str(), this, m_resolver.get(), m_sslSocket.get(), m_sslContext.get());
static const char cipherList[] = {
    "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:"
    "RSA+AESGCM:RSA+AES:!aNULL:!MD5"
};
SSL_set_cipher_list(m_sslSocket->native_handle(), cipherList);

socket->async_handshake
(
    asio::ssl::stream_base::client,
    std::bind
    (
        &SSLCommunicator::onAsioHandshake,
        self,
        socket,
        sslContext,
        std::placeholders::_1
    )
);

void SSLCommunicator::onAsioHandshake( ssl_socket_ptr sslSocket, ssl_context_ptr sslContext, const std::error_code &ec )
{
    ...
    if ( !ec ) {
        ...
    }
    else if ( (int)std::errc::bad_file_descriptor == ec.value() && !isConnected() ) {
        ...
    }
    else {
        ERROR_LOG( "[SSL] failed to connect, ssl handshake failed : %s (%p), err=%s(%d)", m_addr.c_str(), this, ec.message().c_str(), ec.value() );
        ... // <----------------- Error
    }
}
```
We’re unsure what causes these inconsistent handshake failures. Could it be due to something we’ve configured incorrectly in our TLS setup? Or is there anything else we should check?
Any advice or suggestions would be greatly appreciated.
Thanks in advance!
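
An added example, not part of the original post: a small decoder for the `ec.value()` integer that the `ERROR_LOG` line in `onAsioHandshake` prints, separating a TLS alert sent by the server from a local OpenSSL failure or a transport-level error. `HandshakeDiag`, `decode_handshake_error` and the sample codes in its comments are constructed for illustration; it assumes Asio reports OpenSSL's packed error code under the `asio.ssl` category and stream truncation under `asio.ssl.stream`.

```cpp
#include <cstdint>
#include <string>

// Decoded view of the integer printed as err=...(%d) by the handshake handler.
struct HandshakeDiag {
    std::string layer;  // "tls-alert", "tls-local", "tls-stream" or "transport"
    int lib = 0;        // OpenSSL library number (20 is ERR_LIB_SSL)
    int reason = 0;     // OpenSSL reason code, or the raw value for non-TLS errors
    int alert = -1;     // TLS alert number received from the peer, -1 if none
};

// category: ec.category().name(); value: ec.value().
// openssl_major: 1 for OpenSSL 1.1.x error packing, 3 for OpenSSL 3.x packing.
// Assumption: category names are the ones standalone Asio uses; confirm them
// against the Asio version in the build before relying on the string match.
HandshakeDiag decode_handshake_error(const std::string& category, int value,
                                     int openssl_major) {
    HandshakeDiag d;
    d.reason = value;
    if (category == "asio.ssl.stream") { d.layer = "tls-stream"; return d; }
    if (category != "asio.ssl")        { d.layer = "transport";  return d; }

    const std::uint32_t e = static_cast<std::uint32_t>(value);
    if (openssl_major >= 3) {
        if (e & 0x80000000u) {             // 3.x flags errno-style system errors
            d.layer = "transport";
            d.reason = static_cast<int>(e & 0x7FFFFFFFu);
            return d;
        }
        d.lib = static_cast<int>((e >> 23) & 0xFF);
        d.reason = static_cast<int>(e & 0x7FFFFF);
    } else {                               // 1.1.x: lib(8) | func(12) | reason(12)
        d.lib = static_cast<int>((e >> 24) & 0xFF);
        d.reason = static_cast<int>(e & 0xFFF);
    }

    constexpr int kSslLib = 20;            // ERR_LIB_SSL
    constexpr int kAlertOffset = 1000;     // SSL reason = 1000 + TLS alert number
    if (d.lib == kSslLib && d.reason >= kAlertOffset) {
        d.layer = "tls-alert";             // e.g. 0x14094410 -> alert 40
        d.alert = d.reason - kAlertOffset;
    } else {
        d.layer = "tls-local";             // e.g. 0x0A000086 -> reason 134
    }
    return d;
}
```

Logging `ec.category().name()` next to `ec.value()` gives this function both inputs. A `tls-alert` result means the server rejected the handshake, while `transport` or `tls-stream` points at the connection itself rather than the cipher or certificate settings.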