A2A Inspector: Enabling HTTP (No SSL) Configuration

Nov 26, 2025 by Alex Johnson 52 views

Introduction

This article addresses the need for configuring A2A Inspector to support non-SSL (HTTP) connections, particularly in non-production environments. Many development or testing setups don't require the overhead of SSL encryption, and using plain HTTP can simplify the configuration and debugging process. This article explores the problem, proposes a solution, and provides context for understanding the issue and its resolution. We will delve into the error messages encountered, the underlying technical details, and the steps required to enable HTTP support in A2A Inspector.

The Challenge: Querying A2A Endpoint Without SSL

In many development and testing environments, the need for SSL (Secure Sockets Layer) encryption might not be as critical as in production. Querying an A2A (Application-to-Application) endpoint over HTTP (without SSL) can simplify the setup and reduce the performance overhead associated with encryption. However, A2A Inspector, by default, might not support such configurations, leading to connection errors and hindering the development workflow. This article explores how to overcome this limitation and enable HTTP support in A2A Inspector.

Problem Description

The primary issue arises when attempting to query an A2A endpoint using http:// instead of https://. This typically occurs in non-production deployments where SSL is not enforced. The A2A Inspector, in its default configuration, seems to expect an SSL connection, leading to errors like the following:

Error: An internal server error occurred: HTTP Error 503: Network communication error fetching agent card from https://localhost:5601/api/agent_builder/a2a/docs-agent.json: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1028)

This error message indicates that the system is attempting to establish an SSL connection (https://) even when a plain HTTP connection (http://) is intended. The [SSL: WRONG_VERSION_NUMBER] error specifically points to a failure in the SSL handshake process, confirming the mismatch between the expected and actual connection types. Understanding this error is crucial in diagnosing and resolving the issue.

Log Analysis

The backend logs provide further insights into the problem. The traceback reveals the sequence of events leading to the error. Here’s a snippet of the relevant log:

[BACKEND] 2025-11-26 14:54:30,463 - app - ERROR - An internal server error occurred
[BACKEND] Traceback (most recent call last):
[BACKEND]   File "/Users/vincent/installs/agent-builder-demo/a2a-inspector/.venv/lib/python3.13/site-packages/httpx/_transports/default.py", line 101, in map_httpcore_exceptions
[BACKEND]     yield
...
[BACKEND] httpcore.ConnectError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1028)

This traceback highlights that the error originates from the httpcore library, which is responsible for handling HTTP connections. The ConnectError with the [SSL: WRONG_VERSION_NUMBER] message confirms that the SSL handshake failed. The traceback indicates the sequence of function calls that led to the error, starting from the httpx library, which A2A Inspector likely uses for making HTTP requests. The start_tls function within httpcore is where the SSL handshake is initiated, and its failure results in the observed error. Analyzing these logs helps pinpoint the exact location where the issue occurs.

Proposed Solution: Configuration Flag for HTTP

The most straightforward solution is to introduce a configuration flag that enables or disables SSL enforcement. This flag would allow users to specify whether A2A Inspector should use https:// or http:// when querying A2A endpoints. By setting this flag appropriately, users can easily switch between SSL and non-SSL modes based on their environment requirements. This approach provides flexibility and caters to both production and non-production scenarios.

Implementing the Configuration Flag

The configuration flag can be implemented in various ways, such as:

Environment Variable: A simple and widely used approach is to use an environment variable, e.g., A2A_INSPECTOR_SSL_ENABLED. Setting this variable to false would disable SSL, while setting it to true or omitting it would enable SSL by default.
Configuration File: A configuration file (e.g., config.yaml or config.json) can contain a key-value pair like `