Menu
A recent OpenSSL update on ArchLinux broke Ruby because the latter depends on SSLv3 being supported by the former. Ruby code that uses OpenSSL will reveal the problem when they terminate with an error like the below:
openssl.so: undefined symbol: SSLv3_method - .../openssl.so (LoadError)
I use multiple versions of Ruby with RVM and the problem aplies to all of them.
The OpenSSL version I have the problem with is 1.0.2h but I believe it was introduced with 1.0.2g. Version 1.0.2f works fine.
How can this be compatibility issue be overcome (without downgradng OpenSSL) ?
976
I solved it by building sslscan myself, with static linking; this puts the SSLv2 and SSLv3 support into the executable itself. It might be dangerous to have the global openssl library support old vulnerable protocol versions.
The Ubuntu people build OpenSSL without SSLv2 support because the protocol has known security issues. So that's why you can't find SSLv2_method in their library even though you can find it when you compile the library yourself. Ubuntu build logs are publicly available.
The problem is caused by the ArchLinux OpenSSL package being built without SSLv3 support, as of this commit. I believe that a similar thing has been done in other distros such as Ubuntu. The solution in a RVM environment is to reinstall your Rubies which will rebuild them (you may also wish to update to the latest rvm):
It might be dangerous to have the global openssl library support old vulnerable protocol versions. I could not get the instructions there to work without problems, because I did not have any deb-src lines in /etc/apt/sources.list, giving the error: However, I ignored the error and it worked for me anyway.
The problem is caused by the ArchLinux OpenSSL package being built without SSLv3 support, as of this commit. I believe that a similar thing has been done in other distros such as Ubuntu.
The solution in a RVM environment is to reinstall your Rubies which will rebuild them (you may also wish to update to the latest rvm):
$ rvm get head # optional, if you want to!
$ rvm reinstall all # or a specifc ruby version instead of 'all'
However, older rubies will still fail with a compile error like this:
Error running '__rvm_make -j1'
ossl_ssl.c:143:27: error: ‘SSLv3_client_method’ undeclared here (not in a function)
This has been discussed with the RVM team who have suggested installing this Ruby patch that allows older rubies to build:
$ curl https://github.com/ruby/ruby/commit/801e1fe46d83c856844ba18ae4751478c59af0d1.diff > openssl.patch
$ rvm install --patch ./openssl.patch 1.9.3-p194
I built ruby-1.9.3-p194, ruby-2.0.0-p247 and ruby-2.2.1 successfully with this patch.
62
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With