Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number (OpenSSL::SSL::SSLError)

Tags:

ruby

ssl

When I ran https.ssl_version = :TLSv1_2

I got the error

ruby/2.1.0/net/http.rb:920:in `connect': 
SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: 
wrong version number (OpenSSL::SSL::SSLError)

Whe I changed to https.ssl_version = :SSLv3

ruby/2.1.0/net/http.rb:920:in `connect': 
SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A 
(OpenSSL::SSL::SSLError)

But I can do it without any error by rest client

resp = RestClient.post(server_url, content, header)

The ssl connection is make me confused so much.

The problem both on macos and ubuntu 14.04

UPDATE

Check my SSL parameters

Under default Ruby by irb

irb(main):001:0> require 'openssl'
=> true
irb(main):002:0>  OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
=> {:ssl_version=>"SSLv23", :verify_mode=>1, :ciphers=>"ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", :options=>-2147482625}

Under Rails

{
    :ssl_version => "SSLv23",
    :verify_mode => 1,
        :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
        :options => -2147482625
}
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>

Brute force to try all kind of SSL version within Rails

I changed the method by `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ssl_version]=method`

:TLSv1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
like image 315
newBike Avatar asked Oct 30 '14 04:10

newBike


1 Answers

If you set the ssl_version to TLSv1_2 and the server does not support that version then you will see this error (same for SSLv3).

My guess is that RestClient probably just uses Ruby's default SSLv23. If that version is supported by the server it might just work.

Check the default for your Ruby version like this:

require 'openssl'
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
# => {
# =>     :ssl_version => "SSLv23",
# =>     :verify_mode => 1,
# =>     :ciphers     => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
# =>     :options     => -2147482625
# => }

If https.ssl_version = :TLSv1_2 does not work then I would try other versions.

You can get a list of all available versions in your Ruby with:

OpenSSL::SSL::SSLContext::METHODS

I would start with:

https.ssl_version = 'SSLv23'

Or you may want to ask the owner of the server which versions are supported.

like image 87
spickermann Avatar answered Sep 22 '22 19:09

spickermann