OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A

前端 未结 2 497
醉话见心
醉话见心 2020-12-03 01:04

The code below yields the following error: OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A

require \'net/https         


        
相关标签:
2条回答
  • 2020-12-03 01:43

    Solution is to upgrade to openssl 1.0.2g-1​ubuntu4.6 (from 1.0.1f-1​ubuntu2.21) (e.g. from cedar-14 to heroku-16 stack).

    heroku stack:set heroku-16 -a your-app
    

    And in app.json:

    {
      ...
      "stack": "heroku-16",
      ...
    }
    
    0 讨论(0)
  • 2020-12-03 01:46

    This is a problem at the server site. It looks like the server is exclusively accepting TLS 1.2 and does not show the usual behavior when the client requests something lesser (like downgrading or sending SSL alert) but instead just closes the connection.

    TLS 1.2 is not supported by OpenSSL 0.9.8 and additionally your code enforces SSLv3. You get TLS 1.2 only when upgrading to OpenSSL 1.0.1.

    Some browsers will also fail to connect to this server, even if they have ways to work around such broken servers. But while Firefox will only try to downgrade the connection to lesser SSL version (which often helps) Chrome manages to connect with TLS 1.2.

    Edit: I've analyzed the issue further and now I cannot get a connection with TLS1.2 anymore but I can get a connection with TLS1.0 or SSL3.0, but only if the ciphers is hard coded to RC4-SHA. I've tried others like AES128-SHA or DES-CBC3-SHA and they don't work. So while it looks like a really messed up system explicitly setting

    http.ssl_version = 'TLSv1'       -- or SSLv3, but TLSv1 is better
    http.ssl_cipher = 'rc4-sha'
    

    should work. I'm not a ruby user so the exact syntax might differ, but I've tested with OpenSSL s_client.

    0 讨论(0)
提交回复
热议问题