Ruby-on-rails OpenSSL::SSL::SSLError: SSL_connect SYSCALL 返回=5 errno=0 state=SSLv3 read server hello A
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/25814210/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A
提问by Hesham
The code below yields the following error: OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A
下面的代码产生以下错误: OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A
require 'net/https'
uri = URI.parse("https://<server>.com")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = 'SSLv3'
http.get(uri.request_uri)
Any idea why? I tried everything mentioned in all other questions, still no luck.
知道为什么吗?我尝试了所有其他问题中提到的所有内容,但仍然没有运气。
- Ruby 1.9.3p484 (2013-11-22 revision 43786) [x86_64-darwin13.3.0]
- OpenSSL 0.9.8y 5 Feb 2013
- Ruby 1.9.3p484 (2013-11-22 修订版 43786) [x86_64-darwin13.3.0]
- OpenSSL 0.9.8y 2013 年 2 月 5 日
Update I
更新我
Tried the following:
尝试了以下方法:
- Ruby 2.0.0p353 (2013-11-22 revision 43784) [x86_64-darwin13.3.0]
- OpenSSL 1.0.1i 6 Aug 2014
- Ruby 2.0.0p353 (2013-11-22 修订版 43784) [x86_64-darwin13.3.0]
- OpenSSL 1.0.1i 2014 年 8 月 6 日
Update II
更新二
- Forced ssl_version to :TLSv1_2
- 强制 ssl_version 为 :TLSv1_2
Still no luck.
仍然没有运气。
Update III
更新三
Alright, here's the final code - thanks to Steffen (see answer below):
好的,这是最终代码 - 感谢 Steffen(请参阅下面的答案):
require 'net/https'
uri = URI.parse("https://<server>.com")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1
http.ciphers = ['RC4-SHA']
http.get(uri.request_uri)
I doubt that my question will be relevant to anyone else since it was related to a remote misconfigured server.
我怀疑我的问题是否与其他任何人相关,因为它与远程配置错误的服务器有关。
回答by Steffen Ullrich
This is a problem at the server site. It looks like the server is exclusively accepting TLS 1.2 and does not show the usual behavior when the client requests something lesser (like downgrading or sending SSL alert) but instead just closes the connection.
这是服务器站点的问题。看起来服务器只接受 TLS 1.2,并且当客户端请求较少的内容(如降级或发送 SSL 警报)时不显示通常的行为,而是关闭连接。
TLS 1.2 is not supported by OpenSSL 0.9.8 and additionally your code enforces SSLv3. You get TLS 1.2 only when upgrading to OpenSSL 1.0.1.
OpenSSL 0.9.8 不支持 TLS 1.2,另外您的代码强制执行 SSLv3。只有在升级到 OpenSSL 1.0.1 时才能获得 TLS 1.2。
Some browsers will also fail to connect to this server, even if they have ways to work around such broken servers. But while Firefox will only try to downgrade the connection to lesser SSL version (which often helps) Chrome manages to connect with TLS 1.2.
某些浏览器也将无法连接到此服务器,即使它们有办法绕过此类损坏的服务器。但是,虽然 Firefox 只会尝试将连接降级到较低的 SSL 版本(这通常有帮助),但 Chrome 设法与 TLS 1.2 连接。
Edit: I've analyzed the issue further and now I cannot get a connection with TLS1.2 anymore but I can get a connection with TLS1.0 or SSL3.0, but only if the ciphers is hard coded to RC4-SHA. I've tried others like AES128-SHA or DES-CBC3-SHA and they don't work. So while it looks like a really messed up system explicitly setting
编辑:我已经进一步分析了这个问题,现在我无法再与 TLS1.2 建立连接,但我可以与 TLS1.0 或 SSL3.0 建立连接,但前提是密码被硬编码为 RC4-SHA。我试过 AES128-SHA 或 DES-CBC3-SHA 之类的其他方法,但它们不起作用。所以虽然它看起来像一个非常混乱的系统明确设置
http.ssl_version = 'TLSv1' -- or SSLv3, but TLSv1 is better
http.ssl_cipher = 'rc4-sha'
should work. I'm not a ruby user so the exact syntax might differ, but I've tested with OpenSSL s_client.
应该管用。我不是 ruby 用户,所以确切的语法可能会有所不同,但我已经使用 OpenSSL s_client 进行了测试。
回答by Dorian
Solution is to upgrade to openssl 1.0.2g-1?ubuntu4.6(from 1.0.1f-1?ubuntu2.21) (e.g. from cedar-14to heroku-16stack).
解决方案是升级到openssl 1.0.2g-1?ubuntu4.6(从1.0.1f-1?ubuntu2.21)(例如从cedar-14到heroku-16堆栈)。
heroku stack:set heroku-16 -a your-app
And in app.json:
并在app.json:
{
...
"stack": "heroku-16",
...
}
