prajo

Reputation: 814

Ruby: SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)

Variants of this error have been posted all over the place but none of the solutions seem to work for me.

I'm running ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-linux] and OpenSSL 1.0.1k 8 Jan 2015.

Running the following:

require 'net/http'
require 'openssl'

url = 'https://ntpnow.com/'
uri   = URI.parse(url)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1
http.get(uri.path)

Dumps this trace:

/usr/local/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)
    from /usr/local/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
    from /usr/local/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:923:in `connect'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:852:in `start'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:1375:in `request'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:1133:in `get'
    from bin/ntpnow_test.rb:9:in `<main>'

Navigating to the site from a browser shows the certificate appears to be fine. Curl also does not produce any errors.

Additionally, when I try with Ruby 1.9.3 it seems to work. However, I'm not inclined to downgrade Ruby versions if I can find a solution.

Can you please tell me what exactly changed that is causing this problem?

UPDATE:

Steffen's answer and explanation below is correct. For future reference, here is how to diagnose this problem.

  1. First determine which ciphers the server supports. Run the command nmap --script ssl-enum-ciphers ntpnow.com. Find the section that lists the supported ciphers.
  2. Determine the cipher key you will have to pass as part of http.ciphers. Run openssl ciphers. This will spit out a : delimited list of ciphers. Find the one that matches the result from step 1.

Upvotes: 15

Views: 22133

Answers (2)

barbolo

Reputation: 3887

I use Mechanize, and I was looking for a patch instead of a configuration of the http client instance. This is how I managed to do it:

OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers] += ':DES-CBC3-SHA'

Upvotes: 3

Steffen Ullrich

Reputation: 123531

This looks like exactly the same problem I've answered in https://stackoverflow.com/a/29611892/3081018. Same problem: the server can only do TLS 1.0 and only supports DES-CBC3-SHA as cipher. This cipher is no longer enabled by default in recent ruby versions. To connect with this cipher try to specify the cipher explicitly in your code:

http.ssl_version = :TLSv1
http.ciphers = ['DES-CBC3-SHA']

Upvotes: 9
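
An added example (not part of the question or of either answer): step 2 of the diagnosis above, done from Ruby so that it reflects the OpenSSL build Ruby is linked against, plus a client that narrows the cipher list for one host without changing process-wide defaults. The function names and status symbols are assumptions made for this example.

```ruby
require 'net/http'
require 'openssl'

# Cipher names Ruby enables when a client context uses its defaults
# (SSLContext#set_params applies OpenSSL::SSL::SSLContext::DEFAULT_PARAMS).
def default_cipher_names
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params
  ctx.ciphers.map(&:first)
end

# Cipher names the linked OpenSSL yields for an explicit cipher string.
# Returns [] when nothing matches (OpenSSL reports "no cipher match").
def cipher_names_for(spec)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.ciphers = spec
  ctx.ciphers.map(&:first)
rescue OpenSSL::SSL::SSLError
  []
end

# Classify one cipher, named as `openssl ciphers` prints it.
def cipher_status(name)
  return :enabled_by_default if default_cipher_names.include?(name)
  return :available_not_default if cipher_names_for(name).include?(name)
  :not_in_this_build
end

# Build a client whose cipher list is narrowed for this one host only.
# Nothing is sent until a request is made, and the defaults used by
# every other TLS client in the process stay as they were.
def client_for_legacy_host(url, ciphers)
  uri = URI.parse(url)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.ciphers = ciphers
  http
end

if __FILE__ == $PROGRAM_NAME
  # Local check only: no connection is opened.
  %w[DES-CBC3-SHA AES128-SHA].each { |c| puts "#{c}: #{cipher_status(c)}" }
end
```

`:available_not_default` is the case where passing the cipher explicitly helps; `:not_in_this_build` means the linked OpenSSL build or its configuration does not offer the cipher at all, so no setting on the Ruby side will make the handshake succeed.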
