I've suddenly started encountering the following errors when attempting to use gmail authentication (Yesod.Auth.GoogleEmail2) in my Yesod Application:
FailedConnectionException2 "www.googleapis.com" 443 True sendBuf: resource vanished (Broken pipe)
and
TlsExceptionHostPort (HandshakeFailed (Error_Packet_unexpected "Alert [(AlertLevel_Fatal,DecodeError)]" " expected: change cipher")) "www.googleapis.com" 443
The second error is more common. It's still possible to log in---reloading after the error gives
StatusCodeException (Status {statusCode = 400, statusMessage = "Bad Request"}) [("Content-Type","application/json; charset=utf-8"),("Cache-Control","no-cache, no-store, max-age=0, must-revalidate"),("Pragma","no-cache"),("Expires","Mon, 01 Jan 1990 00:00:00 GMT"),("Date","Wed, 24 Aug 2016 01:13:02 GMT"),("Content-Encoding","gzip"),("X-Content-Type-Options","nosniff"),("X-Frame-Options","SAMEORIGIN"),("X-XSS-Protection","1; mode=block"),("Server","GSE"),("Alternate-Protocol","443:quic"),("Alt-Svc","quic=\":443\"; ma=2592000; v=\"35,34,33,32,31,30\""),("Transfer-Encoding","chunked"),("X-Response-Body-Start","{\n \"error\" : \"invalid_grant\",\n \"error_description\" : \"Code was already redeemed.\"\n}"),("X-Request-URL","POST https://accounts.google.com:443/o/oauth2/token")] (CJ {expose = []})
and heading back through the auth route after getting that message logs you in.
I'm building on the Yesod scaffolded site, and as far as I can tell, nothing has changed in Foundation.hs or Application.hs since before this problem started showing up. The application is being deployed with keter, and compiled in stack lts-6.12
twofold question: what's the cause, and what's the fix?
I had bump up to lts-6.28 to get it work.