Working around OpenSSL::SSL::SSLErrors

Updated . Posted . Visible to the public.

If your requests blow up in Ruby or CURL, the server you're connecting to might only support requests with older SSL/TLS versions.

You might get an error like: OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=unknown state

SSL Server Test

This SSL Server Test Show archive.org snapshot can help finding out which SSL/TLS versions the server can handle.

Ruby

In Ruby, you can teach Net::HTTP to use a specific SSL/TLS version.

uri = URI.parse(url)

ssl_options = {
   use_ssl: true,
   ssl_version: 'SSLv3'
}

Net::HTTP.start(uri.host, ssl_options) do |http|
   http.get uri.request_uri
end

CURL

In CURL, you can specify the SSL/TLS protocol version to use like this:

✘ > curl -i https://www.econda-monitor.de/els/logging
curl: (35) Unknown SSL protocol error in connection to www.econda-monitor.de:443

✔ > curl -i --sslv3 https://www.econda-monitor.de/els/logging
HTTP/1.1 200 OK
...

✔ > curl -i --tlsv1 https://www.econda-monitor.de/els/logging
HTTP/1.1 200 OK
...

curl -i includes the protocol headers in the output, so you'll see the response's status code.

Last edit
License
Source code in this card is licensed under the MIT License.
Posted to makandra dev (2014-07-01 08:54)