OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=unknown state: unknown protocol
The problem appears to be that your target site, aristo4stu3.bgu.ac.il
, is picky about SSL/TLS handshaking. I got two different results with the following OpenSSL command with different versions of OpenSSL:
openssl s_client -connect aristo4stu3.bgu.ac.il:443
This does connect with the stock OpenSSL 0.9.8x on OS X 10.7.5. However, it does not connect using OpenSSL 1.0.1e - in that case the server just closes the connection (by sending a Close Notify alert) immediately after receiving the Client Hello.
I captured packets with Wireshark, and the difference between what these two versions send is that 0.9.8x is sending an SSLv2 Client Hello advertising support through TLS 1.0, while 1.0.1e is sending a TLSv1 Client Hello advertising support through TLS 1.2.
If I tell 1.0.1e not to use TLS:
openssl s_client -connect aristo4stu3.bgu.ac.il:443 -no_tls1
This connects successfully with an SSLv3 Client Hello advertising support through SSL 3.0.
Incidentally, my local ruby does make a successful connection with open-uri
to your site:
$ irb
>> require 'open-uri'
=> true
>> open('https://aristo4stu3.bgu.ac.il')
=> #<StringIO:0x10271fa90>
>> require 'openssl'
=> false
>> OpenSSL::OPENSSL_VERSION
=> "OpenSSL 0.9.8r 8 Feb 2011"
>>
So the indicated approaches seem to be:
- Upgrade the server to handle more Client Hello variants, or
- Install a ruby that uses an older OpenSSL library, or
- Change your program to send a different Client Hello.
It does not appear that the open-uri
module has an option to set the SSL/TLS version used to communicate. If you can't modify the server you may need to use a different module or library to establish the connection, or perhaps find a way to patch the openssl
module so it uses a different Client Hello.
OpenSSL::SSL::SSLError in UsersController#create (SSL_connect returned=1 errno=0 state=unknown state: unknown protocol)
It appears to be related to a known bug in ubuntu 12.04 when using openssl 1.0.1 as described in the last answer here:
OpenSSL::SSL::SSLError Ubuntu 12.04 only
You can find more information about the bug on Ubuntu's bug tracker https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371
Apparently, if you force the use of SSLv3, the error should disappear.
Ruby SSL error - sslv3 alert unexpected message
You might also want to check out if leotechnosoft.net
is blocking port 25 when using SSL as some hosting providers sometimes block port 25 by default. When you're using SSL try with port 465 instead.
How to fix 'OpenSSL::SSL::SSLError' error in Ruby?
This error usually occurs if you try to establish an encrypted connection to a server that doesn't expect this. Port 587 typically requires the use of STARTTLS
after first establishing an unecrypted connection. Try removing tls: true
in your configuration and using enable_starttls_auto: true
instead.
Related Topics
Best Way to Debug Third-Party Gems in Ruby
What Does the "$" Character Mean in Ruby
How to Run a Ruby Script Using Rbenv with Cron
How to Simulate Java-Like Annotations in Ruby
How to Set Http_Referer When Testing in Rails
How to Run a Single Test in Minitest
Removing All Empty Elements from a Hash/Yaml
Difference Between Truncation, Transaction and Deletion Database Strategies
How to Calculate the Distance Between Two Gps Coordinates Without Using Google Maps API
How to Find the Unique Elements in an Array in Ruby
How to Configure Capistrano to Use My Rvm Version of Ruby
Ruby on Rails: How to Explicitly Define Plural Names and Singular Names in Rails
Flattening Nested Hash to a Single Hash with Ruby/Rails
How to Uninstall Ruby on Rails on MAC Os X
Errno::Econnrefused: Connection Refused - Connect(2) for Action Mailer
Understanding the Gemfile.Lock File