OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A
This is a problem at the server site. It looks like the server is exclusively accepting TLS 1.2 and does not show the usual behavior when the client requests something lesser (like downgrading or sending SSL alert) but instead just closes the connection.
TLS 1.2 is not supported by OpenSSL 0.9.8 and additionally your code enforces SSLv3. You get TLS 1.2 only when upgrading to OpenSSL 1.0.1.
Some browsers will also fail to connect to this server, even if they have ways to work around such broken servers. But while Firefox will only try to downgrade the connection to lesser SSL version (which often helps) Chrome manages to connect with TLS 1.2.
Edit: I've analyzed the issue further and now I cannot get a connection with TLS1.2 anymore but I can get a connection with TLS1.0 or SSL3.0, but only if the ciphers is hard coded to RC4-SHA. I've tried others like AES128-SHA or DES-CBC3-SHA and they don't work.
So while it looks like a really messed up system explicitly setting
http.ssl_version = 'TLSv1' -- or SSLv3, but TLSv1 is better
http.ssl_cipher = 'rc4-sha'
should work. I'm not a ruby user so the exact syntax might differ, but I've tested with OpenSSL s_client.
SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A (OpenSSL::SSL::SSLError)
Figured out the issue. I had an older version of ruby (2.0.0) I upgraded to 2.1.2 and works like magic. Not sure what ruby 2.0.0 has that makes openssl throw that Error. Very useless error message in my opinion.
Ruby: SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)
This looks like exactly the same problem I've answered in https://stackoverflow.com/a/29611892/3081018. Same problem: the server can only do TLS 1.0 and only supports DES-CBC3-SHA as cipher. This cipher is no longer enabled by default in recent ruby versions. To connect with this cipher try to specify the cipher explicitly in your code:
http.ssl_version = :TLSv1
http.ciphers = ['DES-CBC3-SHA']
SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A - Faraday::Error::ConnectionFailed
Thanks to @mislav who give the hint to change SSL version
.
I had to change this because my partner has its application built using asp.net and uses this version of SSL. More info at https://mislav.net/2013/07/ruby-openssl/
So the final code is as follows:
Rails.application.config.middleware.use OmniAuth::Builder do
client_id = 'my_client_id'
client_secret = 'secret'
ssl_options = {}
ssl_options[:version] = :TLSv1
ssl = {}
ssl[:ssl] = ssl_options
provider :partner, client_id, client_secret,
client_options: { connection_opts: ssl} ,
setup: ->(env){
req = Rack::Request.new(env)
token_url = "https://#{req.params.fetch('shop')}"
env['omniauth.strategy'].options[:client_options][:token_url] = token_url
}
end
Related Topics
Are There Any Additional Inject Shorthand
Regex to Match Something Based on What Was Matched Before
Uri::Invalidurierror (Uri Must Be Ascii Only)
How to Pass the JavaScript Value as JSON Object to the Controller in Ruby on Rails
Pixel Rgb with Imagemagick and Rails
Access Local Variables from a Different Binding in Ruby
Can Nokogiri Search for "Xml-Stylesheet" Tags
My Class Name Conflicting with Ruby'S
Ruby Tcpserver to Get Client Ip Address
Find Out Which Words in a Large List Occur in a Small String
How to Create Zip File Only in Memory in Ruby
Nginx Getting Permission Denied When Connecting to Unicorn
Trying to Find Vowels of a String Using Ruby While Loops
Adapters Not Working with Datamapper
Nokogiri Returning Values as a String, Not an Array