The problem appears to be that your target site, aristo4stu3.bgu.ac.il, is picky about SSL/TLS handshaking. I got two different results with the following OpenSSL command with different versions of OpenSSL:

问题似乎是您的目标站点aristo4stu3.bgu.ac.il对 SSL/TLS 握手很挑剔。使用以下 OpenSSL 命令和不同版本的 OpenSSL，我得到了两个不同的结果：

openssl s_client -connect aristo4stu3.bgu.ac.il:443

This does connect with the stock OpenSSL 0.9.8x on OS X 10.7.5. However, it does notconnect using OpenSSL 1.0.1e - in that case the server just closes the connection (by sending a Close Notify alert) immediately after receiving the Client Hello.

这确实与 OS X 10.7.5 上的股票 OpenSSL 0.9.8x 连接。但是，它并不能连接使用OpenSSL 1.0.1e -在这种情况下，服务器只需关闭连接（通过发送关闭通知警告）收到客户机问候之后。

I captured packets with Wireshark, and the difference between what these two versions send is that 0.9.8x is sending an SSLv2 Client Hello advertising support through TLS 1.0, while 1.0.1e is sending a TLSv1 Client Hello advertising support through TLS 1.2.

我用 Wireshark 捕获了数据包，这两个版本发送的区别在于 0.9.8x 是通过 TLS 1.0 发送 SSLv2 Client Hello 广告支持，而 1.0.1e 是通过 TLS 1.2 发送 TLSv1 Client Hello 广告支持。

If I tell 1.0.1e not to use TLS:

如果我告诉 1.0.1e 不要使用 TLS：

openssl s_client -connect aristo4stu3.bgu.ac.il:443 -no_tls1

This connects successfully with an SSLv3 Client Hello advertising support through SSL 3.0.

这通过 SSL 3.0 与 SSLv3 Client Hello 广告支持成功连接。

Incidentally, my local ruby does make a successful connection with open-urito your site:

顺便说一句，我的本地 ruby​​ 确实与open-uri您的站点建立了成功的连接：

$ irb
>> require 'open-uri'
=> true
>> open('https://aristo4stu3.bgu.ac.il')
=> #<StringIO:0x10271fa90>
>> require 'openssl'
=> false
>> OpenSSL::OPENSSL_VERSION
=> "OpenSSL 0.9.8r 8 Feb 2011"
>>

So the indicated approaches seem to be:

因此，指示的方法似乎是：

1. Upgrade the server to handle more Client Hello variants, or
2. Install a ruby that uses an older OpenSSL library, or
3. Change your program to send a different Client Hello.

1. 升级服务器以处理更多 Client Hello 变体，或
2. 安装使用旧 OpenSSL 库的 ruby​​，或
3. 更改您的程序以发送不同的 Client Hello。

It does not appear that the open-urimodule has an option to set the SSL/TLS version used to communicate. If you can't modify the server you may need to use a different module or library to establish the connection, or perhaps find a way to patch the opensslmodule so it uses a different Client Hello.

该open-uri模块似乎没有设置用于通信的 SSL/TLS 版本的选项。如果您无法修改服务器，您可能需要使用不同的模块或库来建立连接，或者找到一种方法来修补openssl模块，使其使用不同的 Client Hello。

If you're on Mac and it's an OSX certificate issue (which was the case for me), you can fix it by running:

如果您使用的是 Mac 并且是 OSX 证书问题（我就是这种情况），您可以通过运行以下命令来修复它：

rvm osx-ssl-certs update all

See https://rvm.io/support/fixing-broken-ssl-certificates

请参阅https://rvm.io/support/fixing-broken-ssl-certificates

I found a good writeup of the problem & solution here. http://blog.55minutes.com/2012/05/tls-error-with-ruby-client-and-tomcat-server/

我在这里找到了有关问题和解决方案的好文章。http://blog.55minutes.com/2012/05/tls-error-with-ruby-client-and-tomcat-server/

TLDR code snippet that resolves the problem.

解决问题的 TLDR 代码片段。

http = Net::HTTP.new(host, port)
http.use_ssl = true
http.ssl_version = :SSLv3
http.start { ... }

I received the same message and it simply turned out I had http.use_ssl = trueset on a non SSL connection.

我收到了同样的消息，结果只是我http.use_ssl = true设置了非 SSL 连接。