All geek questions in one place

SSL_connect SYSCALL return = 5 errno = 0 state = SSLv3 read server hi (OpenSSL :: SSL :: SSLError)

I already looked through many questions like this one when overflowing the stack, and I asked the ruby โ€‹โ€‹gods to help now.

im getting this stack trace when doing an HTTP request through ruby:

/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:918:in `connect': SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A (OpenSSL::SSL::SSLError) from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:918:in `block in connect' from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/timeout.rb:66:in `timeout' from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:918:in `connect' from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:862:in `do_start' from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:851:in `start' from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:1367:in `request'

Some notes:

I have already tried setting these attributes to an http object:

 http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true http.ssl_version = :TLSv1 http.ciphers = ['RC4-SHA'] http.verify_mode = OpenSSL::SSL::VERIFY_NONE

I already tried setup

  require 'openssl' OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

And finally, this error occurs only on one of my machines. I assume that I have a different version of openssl or a possible gem that is used in another version. Both are Mac OSX Yosemite 10.10.5

Here is the environment for a machine that works:

 *** LOCAL GEMS *** activesupport (4.2.4, 3.2.22) addressable (2.3.8) autoparse (0.3.3) bigdecimal (1.2.4) bluecloth (2.2.0) builder (3.2.2) bundler (1.6.2) bundler-unload (1.0.2) curb (0.8.8) executable-hooks (1.3.2) extlib (0.9.16) faraday (0.9.2) gem-wrappers (1.2.4) google-api-client (0.8.4) google_drive (1.0.1) googleauth (0.4.2) hurley (0.2) i18n (0.7.0) io-console (0.4.2) jenkins_api_client (1.4.1) json (1.8.1) jwt (1.5.1) launchy (2.4.3) little-plugger (1.1.4) logging (2.0.0) macaddr (1.7.1) maruku (0.7.2) memoist (0.12.0) mime-types (2.3) mini_magick (4.2.7) mini_portile (0.7.0.rc4) minitest (5.8.1, 4.7.5) mixlib-shellout (2.2.1) multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) netrc (0.7.7) nokogiri (1.6.7.rc3) oauth (0.4.7) oauth2 (1.0.0) plist (3.1.0) polyglot (0.3.5) psych (2.0.5) rack (1.6.4) rake (10.3.2, 10.1.0) rdoc (4.1.0) representable (2.3.0) rest-client (1.7.2) retriable (2.1.0, 1.4.1) rubygems-bundler (1.4.4) rvm (1.11.3.9) signet (0.6.1) sqlite3 (1.3.9) systemu (2.6.4) terminal-table (1.5.2) test-unit (2.1.2.0) thor (0.19.1) thread_safe (0.3.5) treetop (1.5.3) tzinfo (1.2.2) uber (0.0.15) unicode (0.4.4.1) uuid (2.3.7) here is my version of openssl: OpenSSL 0.9.8zg 14 July 2015

Here is my environment for a machine that doesn't work:

 *** LOCAL GEMS *** activesupport (3.2.22) addressable (2.3.8) autoparse (0.3.3) bigdecimal (1.2.0) bluecloth (2.2.0) builder (3.2.2) CFPropertyList (2.2.8) curb (0.8.8) extlib (0.9.16) faraday (0.9.2) google-api-client (0.8.4) google_drive (1.0.1) googleauth (0.4.2) i18n (0.7.0) io-console (0.4.2) jenkins_api_client (1.4.1) json (1.8.1, 1.7.7) jwt (1.5.1) launchy (2.4.3) libxml-ruby (2.6.0) little-plugger (1.1.4) logging (2.0.0) macaddr (1.7.1) maruku (0.7.2) memoist (0.12.0) mime-types (2.3) mini_portile (0.6.2) minitest (5.8.1, 4.3.2) mixlib-shellout (2.2.2) multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) netrc (0.7.7) nokogiri (1.6.6.2, 1.5.6) oauth (0.4.7) oauth2 (1.0.0) plist (3.1.0) polyglot (0.3.5) psych (2.0.0) rack (1.6.4) rake (10.3.2, 0.9.6) rdoc (4.0.0) rest-client (1.7.2) retriable (1.4.1) signet (0.6.1) sqlite3 (1.3.9, 1.3.7) systemu (2.6.4) terminal-table (1.5.2) test-unit (2.0.0.0) thor (0.19.1) thread_safe (0.3.5) treetop (1.5.3) tzinfo (1.2.2) unicode (0.4.4.1) uuid (2.3.7) here is my version of openssl: (I tried upgrading to latest, that didnt work either) OpenSSL 1.0.1g 7 Apr 2014
+5
source share
3 answers

I found out the problem. I had an earlier version of ruby โ€‹โ€‹(2.0.0), which I upgraded to 2.1.2 and works like magic. Not sure if Ruby 2.0.0 does openssl throw this error. Very useless error message in my opinion.

0
source

OpenSSL 0.9.8zg July 14, 2015

Do not let you cheat on the recent version date of OpenSSL. The Mac comes with a rotten old version of OpenSSL that cannot run TLS 1.1 and TLS 1.2 and does not support new ciphers, but applies security fixes to this old version. Given that there is not enough detail in your question to reproduce the problem, I assume that the server is just expecting a new version of TLS or some of the new ciphers.

You can check the behavior of the public https server on SSLLabs , which also shows the SSL protocol versions and ciphers supported by the server. It also shows if problems are expected with various clients, including using OpenSSL version 0.9.8, which you are using.

0
source

Perhaps this could be caused by a timeout error? I thought b / c in my ruby โ€‹โ€‹stack trace I see this error and it goes through the timeout.rb file, just a hunch.

 error=SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A /Users/Ben/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/net/http.rb:920:in `connect' /Users/Ben/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/net/http.rb:920:in `block in connect' /Users/Ben/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/timeout.rb:76:in `timeout' /Users/Ben/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/net/http.rb:920:in `connect' /Users/Ben/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/net/http.rb:863:in `do_start' /Users/Ben/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/net/http.rb:852:in `start' /Users/Ben/.rvm/gems/ ruby-2.1.5@caredox /gems/rest-client-1.8.0/lib/restclient/request.rb:413:in `transmit' /Users/Ben/.rvm/gems/ ruby-2.1.5@caredox /gems/rest-client-1.8.0/lib/restclient/request.rb:176:in `execute' /Users/Ben/.rvm/gems/ ruby-2.1.5@caredox /gems/rest-client-1.8.0/lib/restclient/request.rb:41:in `execute' /Users/Ben/.rvm/gems/ ruby-2.1.5@caredox /gems/rest-client-1.8.0/lib/restclient.rb:65:in `get'

You can try setting a timeout for me using RestClient lib

 RestClient::Request.execute(method: :get, url: url, timeout: 30, headers: {:accept => :json, :Authorization =>access_token_header()}
0
source

Source: https://habr.com/ru/post/1234328/

More articles:


All Articles