Rails Httpclient 2.7.1 : OpenSSL::SSL::SSLError: Could not generate secret

Question

I am getting error

OpenSSL::SSL::SSLError: Could not generate secret
    from ...../httpclient-2.7.1/lib/httpclient/jruby_ssl_socket.rb:504:in `initialize'
    from ..../httpclient-2.7.1/lib/httpclient/jruby_ssl_socket.rb:442:in `create_socket'
    from ..../httpclient-2.7.1/lib/httpclient/session.rb:739:in `connect'

Is anyone faces same?

Answer 1

From some googling, this seems to be an issue caused by the underlying java implementation which is responsible for the actual crypto when setting up a TLS connection. It seems, most of the time this error occured when trying to setup a TLS connection with elliptic curve keys.

There are a couple of reports with an error description similar to yours which could be fixed by using a newer version of Java, e.g. JRE 8. Also, I found a report where this issue seemed to be connected to OpenJDK which did things slightly different then Oracle Java.

Thus, you should first try to move to a newer version of Oracle Java. If that fails, you might be able to disable elliptic curve crypto and fallback to "old-school" crypto by adding this to your JRuby arguments:

jruby -J-Dcom.sun.net.ssl.enableECC=false path/to/script.rb

Note however, that it is generally not advisable to turn off elliptic-curve crypto here if you can avoid it. ECC is much faster (and less CPU-intensive on both sides) and is often more secure than the alternatives.

Answer 2

Here debugging options available use and fix the issue

require 'openssl'
   OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE