Ruby: SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)
This looks like exactly the same problem I've answered in https://stackoverflow.com/a/29611892/3081018. Same problem: the server can only do TLS 1.0 and only supports DES-CBC3-SHA as cipher. This cipher is no longer enabled by default in recent ruby versions. To connect with this cipher try to specify the cipher explicitly in your code:
http.ssl_version = :TLSv1
http.ciphers = ['DES-CBC3-SHA']
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A
This is a problem at the server site. It looks like the server is exclusively accepting TLS 1.2 and does not show the usual behavior when the client requests something lesser (like downgrading or sending SSL alert) but instead just closes the connection.
TLS 1.2 is not supported by OpenSSL 0.9.8 and additionally your code enforces SSLv3. You get TLS 1.2 only when upgrading to OpenSSL 1.0.1.
Some browsers will also fail to connect to this server, even if they have ways to work around such broken servers. But while Firefox will only try to downgrade the connection to lesser SSL version (which often helps) Chrome manages to connect with TLS 1.2.
Edit: I've analyzed the issue further and now I cannot get a connection with TLS1.2 anymore but I can get a connection with TLS1.0 or SSL3.0, but only if the ciphers is hard coded to RC4-SHA. I've tried others like AES128-SHA or DES-CBC3-SHA and they don't work.
So while it looks like a really messed up system explicitly setting
http.ssl_version = 'TLSv1' -- or SSLv3, but TLSv1 is better
http.ssl_cipher = 'rc4-sha'
should work. I'm not a ruby user so the exact syntax might differ, but I've tested with OpenSSL s_client.
Ruby and SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3
Seems like you are not sending the certificate to access the spreadsheet. You probably need to generate one through Google Services, export it, give your spreadsheet access to your google services email user and then use the certificate to make the request.
https://console.developers.google.com/apis/dashboard for more info
SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A (OpenSSL::SSL::SSLError)
Figured out the issue. I had an older version of ruby (2.0.0) I upgraded to 2.1.2 and works like magic. Not sure what ruby 2.0.0 has that makes openssl throw that Error. Very useless error message in my opinion.
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=unknown state: unknown protocol
The problem appears to be that your target site, aristo4stu3.bgu.ac.il
, is picky about SSL/TLS handshaking. I got two different results with the following OpenSSL command with different versions of OpenSSL:
openssl s_client -connect aristo4stu3.bgu.ac.il:443
This does connect with the stock OpenSSL 0.9.8x on OS X 10.7.5. However, it does not connect using OpenSSL 1.0.1e - in that case the server just closes the connection (by sending a Close Notify alert) immediately after receiving the Client Hello.
I captured packets with Wireshark, and the difference between what these two versions send is that 0.9.8x is sending an SSLv2 Client Hello advertising support through TLS 1.0, while 1.0.1e is sending a TLSv1 Client Hello advertising support through TLS 1.2.
If I tell 1.0.1e not to use TLS:
openssl s_client -connect aristo4stu3.bgu.ac.il:443 -no_tls1
This connects successfully with an SSLv3 Client Hello advertising support through SSL 3.0.
Incidentally, my local ruby does make a successful connection with open-uri
to your site:
$ irb
>> require 'open-uri'
=> true
>> open('https://aristo4stu3.bgu.ac.il')
=> #<StringIO:0x10271fa90>
>> require 'openssl'
=> false
>> OpenSSL::OPENSSL_VERSION
=> "OpenSSL 0.9.8r 8 Feb 2011"
>>
So the indicated approaches seem to be:
- Upgrade the server to handle more Client Hello variants, or
- Install a ruby that uses an older OpenSSL library, or
- Change your program to send a different Client Hello.
It does not appear that the open-uri
module has an option to set the SSL/TLS version used to communicate. If you can't modify the server you may need to use a different module or library to establish the connection, or perhaps find a way to patch the openssl
module so it uses a different Client Hello.
OpenSSL::SSL::SSLError in UsersController#create (SSL_connect returned=1 errno=0 state=unknown state: unknown protocol)
It appears to be related to a known bug in ubuntu 12.04 when using openssl 1.0.1 as described in the last answer here:
OpenSSL::SSL::SSLError Ubuntu 12.04 only
You can find more information about the bug on Ubuntu's bug tracker https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371
Apparently, if you force the use of SSLv3, the error should disappear.
Ruby SSL error - sslv3 alert unexpected message
You might also want to check out if leotechnosoft.net
is blocking port 25 when using SSL as some hosting providers sometimes block port 25 by default. When you're using SSL try with port 465 instead.
Related Topics
Add Existing Classes into a Module
How to Get the Array Index or Iteration Number with an Each Iterator
Which Equality Test Does Ruby's Hash Use When Comparing Keys
Add a CSS Class to <%= F.Submit %>
How Can Bundler/Gemfile Be Configured to Use Different Gem Sources During Development
How to Render File in Rails 5 API
No Such File to Load -- SQLite3/Sqlite3_Native
Does Ruby Have Any Number Formatting Classes
How to Include Blank Field in Select_Tag
Check to See If an Array Is Already Sorted
Rails 4.1 Activerecord::Relation Is No More Like Array
Undefined Local Variable Based on Syntax in Ruby
Why Don't Numbers Support .Dup
Rails Custom Validation Based on a Regex
Rails 5 Db Migration: How to Fix Activerecord::Concurrentmigrationerror