All geek questions in one place

SSL_connect returned = 1 errno = 0 state = SSLv3 read server hello A: invalid version number (OpenSSL :: SSL :: SSLError)

When I ran https.ssl_version = :TLSv1_2

I got an error

 ruby/2.1.0/net/http.rb:920:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number (OpenSSL::SSL::SSLError)

I changed to https.ssl_version = :SSLv3

 ruby/2.1.0/net/http.rb:920:in `connect': SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A (OpenSSL::SSL::SSLError)

But I can do it without any mistakes client rest

 resp = RestClient.post(server_url, content, header)

The ssl connection confuses me a lot.

Problem on both macos and ubuntu 14.04

UPDATE

Check SSL Settings

Default Ruby on irb

 irb(main):001:0> require 'openssl' => true irb(main):002:0> OpenSSL::SSL::SSLContext::DEFAULT_PARAMS => {:ssl_version=>"SSLv23", :verify_mode=>1, :ciphers=>"ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", :options=>-2147482625}

In the Rails section

 { :ssl_version => "SSLv23", :verify_mode => 1, :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", :options => -2147482625 } #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>

Brute force to try all kinds of SSL versions in Rails

 I changed the method by `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ssl_version]=method` :TLSv1 #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_server #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_client #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_2 #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_2_server #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_2_client #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_1 #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_1_server #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_1_client #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :SSLv3 #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :SSLv3_server #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :SSLv3_client #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :SSLv23 #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :SSLv23_server #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :SSLv23_client #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1 #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_server #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_client #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_2 #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_2_server #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_2_client #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_1 #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_1_server #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :TLSv1_1_client #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :SSLv3 #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :SSLv3_server #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :SSLv3_client #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :SSLv23 #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :SSLv23_server #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A> :SSLv23_client #<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
+5
source share
2 answers

If you set ssl_version to TLSv1_2 , the server does not support this version, you will see this error (the same for SSLv3 ). I assume that RestClient probably just uses Ruby's default SSLv23 . If this version is supported by the server, it may work.

Check the default value for your version of Ruby as follows:

 > require 'openssl' > OpenSSL::SSL::SSLContext::DEFAULT_PARAMS # => { # => :ssl_version => "SSLv23", # => :verify_mode => 1, # => :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", # => :options => -2147482625 # => }

If https.ssl_version = :TLSv1_2 does not work, I will just try other versions. You can get a list of all available versions in your Ruby with: OpenSSL::SSL::SSLContext::METHODS . Start with:

 https.ssl_version = 'SSLv23'

Or you can ask the server owner which versions are supported.

+2
source 
  When I ran https.ssl_version = :TLSv1_2 ... https.ssl_version = :SSLv3

Any browser that supports only TLS1.0 or TLS1.1 will not work with both of these tests, because the proposed version is too high or too low. It is better to leave the default SSLV23 link, but explicitly disable SSLv3.

To do this, you need to mess with the parameters and add SSL_OP_NO_SSLv3 , see fooobar.com/questions/612330 / ...

+1
source

Source: https://habr.com/ru/post/1205828/

More articles:


All Articles