Connection reset by peer - SSL_connect when opening a URL

I'm attempting to download a .zip file from a BingAds URL and am struggling to bypass this error:

Connection reset by peer - SSL_connect

I have this code currently running in production through another app but am utilizing nitrous.io for a new application on a Chromebook and running off their default Rails install (the nitrous box).

The code currently working in the other app:

require 'open-uri'

class BingApi
  def self.get_data(request_params={})
    require 'zip'

    # Acquire Bing report download URL
    report_url = BingApi.acquire_report_url(report_request_id, request_params)

    zip_file = open(report_url)                                 # open-uri download

    unzippedxml = Zip::File.open(zip_file)                      # open zip
    entry = unzippedxml.entries.reject(&:directory?).first      # take first non-directory
    entry.get_input_stream { |is| is.read }                     # read file contents
  end
end

The report_url will look something like: https://download.api.bingads.microsoft.com/ReportDownload/Download.aspx?q=cWmkJ72lVlzGEG%2fouLL8Xes2j6I5qVhLrnTqNIrW....

When visited, it will prompt the download of a .zip file which I unzip and then parse.

However, this same code on the Chromebook utilizing the nitrous box gives me the Connection reset by peer - SSL_connect error:

Errno::ECONNRESET - Connection reset by peer - SSL_connect:
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/net/http.rb:920:in `block in connect'
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/timeout.rb:76:in `timeout'
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/net/http.rb:920:in `connect'
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/net/http.rb:852:in `start'
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:313:in `open_http'
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:724:in `buffer_open'
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:210:in `block in open_loop'
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:208:in `open_loop'
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:149:in `open_uri'
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:704:in `open'
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:34:in `open'
  lib/bing_api.rb:25:in `get_data'
  lib/bing_api.rb:224:in `get_and_parse'

I've been trying various different solutions:

zip_file = open(report_url, :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE)

OR

zip_file = Faraday.get(report_url, :ssl => false)

Finally I've bypassed it by using:

require 'net/http'

uri = URI.parse(report_url)
https = Net::HTTP.new(uri.host, uri.port)
https.open_timeout = 5
https.use_ssl = true
https.ssl_version = 'SSLv3'
request = Net::HTTP::Get.new(uri.request_uri)
zip_file = https.request(request)

but I can't pass the zip_file to unzippedxml = Zip::File.open(zip_file) or I get a no implicit conversion of Net::HTTPOK into String TypeError.

Am I missing something simple here? Should I do something different with that zip_file.class => Net::HTTPOK object?

I tried calling zip_file.body but what is returned looks like what you'd see if you tried to open a zipped file in an editor prior to unzipping.

macoughl asked Jan 14 '15 04:01




1 Answer

The server is broken.

It only supports explicit TLS1.0 and SSL3.0 handshakes and does not support the commonly used and most compatible SSLv23 handshake. And even with an explicit TLS1.0 handshake it can fail if you include the wrong or too many ciphers. The relevant output from analyze.pl:

* version SSLv23, no verification, ciphers= -> FAIL! SSL wants a read first
* version SSLv23, no verification, ciphers=HIGH:ALL -> FAIL! SSL wants a read first
* version TLSv1_2, no verification, ciphers= -> FAIL! SSL wants a read first
* version TLSv1_2, no verification, ciphers=HIGH:ALL -> FAIL! SSL wants a read first
* version TLSv1_1, no verification, ciphers= -> FAIL! SSL connect attempt failed error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* version TLSv1_1, no verification, ciphers=HIGH:ALL -> FAIL! SSL wants a read first
* version TLSv1 no verification, ciphers= -> TLSv1,AES256-SHA
* version TLSv1, no verification, ciphers=HIGH:ALL -> FAIL! SSL wants a read first
* version SSLv3 no verification, ciphers= -> SSLv3,AES256-SHA
* version SSLv3 no verification, ciphers=HIGH:ALL -> SSLv3,AES256-SHA
* supported SSL versions with handshake used and preferred cipher(s):
  * handshake protocols ciphers
  * SSLv23    FAILED: SSL wants a read first 
  * TLSv1_2   FAILED: SSL wants a read first 
  * TLSv1_1   FAILED: SSL connect attempt failed error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number SSL wants a read first 
  * TLSv1     TLSv1     AES256-SHA
  * SSLv3     SSLv3     AES256-SHA

As can be seen here, SSLv23, TLSv1_2 and TLSv1_1 handshakes do not work, and the TLSv1 handshake does work but not if ciphers are HIGH:ALL (maybe too many ciphers or maybe unexpected ciphers are included). The SSLv3 handshake then works stably.

Browsers work around this kind of behavior by trying multiple times while slowly downgrading the SSL/TLS protocol version used in the handshake. But apart from browsers, practically nobody else is doing this. So any other application will usually fail unless it is specifically configured to use TLS1.0 or SSL3.0 handshakes with this server.

but I can't pass the zip_file to unzippedxml = Zip::File.open(zip_file) or I get a no implicit conversion of Net::HTTPOK into String TypeError.

At least the URL you've given only returns 404 not found. Please check that you've actually got a ZIP file as a result. I don't know about this server, but often these kinds of download links get dynamically created and are only valid if you've visited another site before and got a cookie there or a similar thing to tie the URL to your browser session.

Steffen Ullrich answered Oct 30 '22 21:10
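
The per-version probing the answer describes (the analyze.pl output above), as an added Ruby example that is not part of the original answer: it pins one protocol version per handshake attempt and records which attempts succeed, with certificate verification left on. The local TLS 1.2-only server, the self-signed certificate and the names make_identity, start_picky_server and probe_versions are constructed for the example; the stand-in simply refuses versions it does not allow and does not reproduce the fault of the server in the question.

```ruby
require 'openssl'
require 'socket'

# Constructed throwaway self-signed identity for the local stand-in server.
def make_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1 # X.509 v3, arbitrary serial
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=localhost')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Stand-in for a version-picky server: it accepts TLS 1.2 handshakes only.
def start_picky_server(key, cert)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.key, ctx.cert = key, cert
  ctx.min_version = ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
  tcp = TCPServer.new('127.0.0.1', 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, ctx)
  Thread.new do
    loop do
      server.accept.close
    rescue OpenSSL::SSL::SSLError, SystemCallError
      next # a probe's handshake failed, which is expected; keep listening
    end
  end
  tcp.addr[1] # ephemeral port picked by the OS
end

# One handshake attempt per pinned version, certificate verification left on.
def probe_versions(host, port, trusted_cert, versions)
  store = OpenSSL::X509::Store.new.add_cert(trusted_cert)
  versions.map do |label, version|
    ctx = OpenSSL::SSL::SSLContext.new
    ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
    ctx.cert_store = store
    ctx.min_version = ctx.max_version = version if version # nil: negotiate
    tcp = TCPSocket.new(host, port)
    [label, "ok: #{OpenSSL::SSL::SSLSocket.new(tcp, ctx).connect.ssl_version}"]
  rescue OpenSSL::SSL::SSLError, SystemCallError => e
    [label, "FAIL: #{e.class}"] # handshake refused or connection reset
  ensure
    tcp&.close
  end.to_h
end
```

Called against the stand-in with an unpinned entry (nil), OpenSSL::SSL::TLS1_2_VERSION and OpenSSL::SSL::TLS1_3_VERSION, the first two report ok: TLSv1.2 and the pinned TLS 1.3 attempt reports a failure.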