SSL_connect error when accessing Shopify API with rubygem

Question

I'm having trouble accessing the Shopify API using the shopify_api gem.

Here's what happens:

>> require "shopify_api" #=> false
>> ShopifyAPI::Base.site = "https://username:[email protected]/admin"
=> "https://username:[email protected]/admin"
>> products = ShopifyAPI::Product.find(:all)
Errno::ECONNRESET: Connection reset by peer - SSL_connect
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `connect'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `block in connect'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/timeout.rb:54:in `timeout'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/timeout.rb:99:in `timeout'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `connect'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:755:in `do_start'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:744:in `start'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:1284:in `request'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:1026:in `get'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/connection.rb:113:in `block in request'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activesupport-3.2.8/lib/active_support/notifications.rb:123:in `block in instrument'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activesupport-3.2.8/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activesupport-3.2.8/lib/active_support/notifications.rb:123:in `instrument'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/connection.rb:110:in `request'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/shopify_api-3.0.1/lib/active_resource/connection_ext.rb:13:in `request_with_detailed_log_subscriber'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/connection.rb:80:in `block in get'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/connection.rb:218:in `with_auth'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/connection.rb:80:in `get'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/base.rb:901:in `find_every'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/base.rb:813:in `find'
    from (irb):21
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/bin/irb:16:in `<main>'

Thinking it was a problem with ruby's openssl bindings, I installed openssl with RVM and reinstalled ruby:

rvm pkg install openssl
rvm reinstall 1.9.3-p194 --with-openssl-dir=~/.rvm/usr

But that didn't help.

So I tried connecting with plain ol' NET::HTTPS and was able to connect to another site, but not shopify.

>> require "net/https" #=> false
>> require "uri" #=> false
>> uri = URI.parse("https://google.com/") #=> #<URI::HTTPS:0x007fa27bb243f8 URL:https://google.com/>
>> http = Net::HTTP.new(uri.host, uri.port) #=> #<Net::HTTP google.com:443 open=false>
>> http.use_ssl = true #=> true
>> http.verify_mode = OpenSSL::SSL::VERIFY_NONE #=> 0
>> http.start { |agent| p agent.get(uri.path).read_body }
"<HTML><HEAD><meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">\n<TITLE>301 Moved</TITLE></HEAD><BODY>\n<H1>301 Moved</H1>\nThe document has moved\n<A HREF=\"https://www.google.com/\">here</A>.\r\n</BODY></HTML>\r\n"
=> "<HTML><HEAD><meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">\n<TITLE>301 Moved</TITLE></HEAD><BODY>\n<H1>301 Moved</H1>\nThe document has moved\n<A HREF=\"https://www.google.com/\">here</A>.\r\n</BODY></HTML>\r\n"
>> uri = URI.parse("https://mysite.myshopify.com/admin/")
=> #<URI::HTTPS:0x007fa27d1f5e38 URL:https://mysite.myshopify.com/admin/>
>> http = Net::HTTP.new(uri.host, uri.port) #=> #<Net::HTTP mysite.myshopify.com:443 open=false>
>> http.use_ssl = true #=> true
>> http.verify_mode = OpenSSL::SSL::VERIFY_NONE #=> 0
>> http.start { |agent| p agent.get(uri.path).read_body }
Errno::ECONNRESET: Connection reset by peer - SSL_connect
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `connect'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `block in connect'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/timeout.rb:54:in `timeout'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/timeout.rb:99:in `timeout'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `connect'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:755:in `do_start'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:744:in `start'
    from (irb):18
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/bin/irb:16:in `<main>'

So that rules out my ruby/openssl setup. Any ideas what's causing the SSL_connect error?

Answer 1

Most likely, your client is trying to connect using TLS 1.2, one of the more recent SSL/TLS protocols used in HTTPS. Our load balancing hardware has a known problem with TLS 1.2, although we weren't aware of it until I independently stumbled upon this bug myself.

I've made the rest of the Operations team aware of this, and I expect we'll be fixing this as soon as possible. Until then, you can use

http.ssl_version = :TLSv1

to force Ruby to use TLS 1.0 instead.