SSL handshake failure #137

nackep opened this issue Jun 17, 2017 · 9 comments

nackep commented Jun 17, 2017

SSL fails with latest http gem under jruby:

jruby-9.0.4.0 :031 > require "http"
=> true
jruby-9.0.4.0 :032 > HTTP.get("https://blocktrades.us")
OpenSSL::SSL::SSLError: Received fatal alert: handshake_failure
from org/jruby/ext/openssl/SSLSocket.java:218:in `connect'
from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/timeout/null.rb:26:in `connect_ssl'
from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/timeout/null.rb:35:in `start_tls'
from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/connection.rb:158:in `start_tls'
from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/connection.rb:44:in `initialize'
from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/client.rb:60:in `perform'
from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/client.rb:41:in `request'
from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/chainable.rb:75:in `request'
from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/chainable.rb:19:in `get'
from (irb):32:in `'
from org/jruby/RubyKernel.java:978:in `eval'
from org/jruby/RubyKernel.java:1291:in `loop'
from org/jruby/RubyKernel.java:1098:in `catch'
from org/jruby/RubyKernel.java:1098:in `catch'
from /home/user/.rvm/rubies/jruby-9.0.4.0/bin/irb:13:in `'

SSL is working:
https://www.sslshopper.com/ssl-checker.html#hostname=blocktrades.us

thank you heroes <3


nackep commented Jun 17, 2017

jruby-openssl (0.9.20-java)


kares commented Jun 22, 2017

could you upgrade to latest 9.1 (or at least 9.0.5) and then also report back your JVM version.
some older JRuby 9.x had an issue with not picking up the latest jruby-openssl gem even when it's installed


nackep commented Jun 24, 2017

same error upgrading to JRuby 9.1.7.0
thanks

nackep closed this as completed Jun 24, 2017
nackep reopened this Jun 24, 2017

kares commented Jun 25, 2017

could you upgrade to latest 9.1 (or at least 9.0.5) and then also report back your JVM version.


nackep commented Jun 25, 2017

jruby 9.1.7.0 (2.3.1) 2017-01-11 68056ae Java HotSpot(TM) Client VM 25.66-b17 on 1.8.0_66-b17 +jit [linux-i386]
jruby-openssl (0.9.20 java, 0.9.18 java)
thanks


headius commented Jan 12, 2018

This is still failing on JRuby master, but we have a reproduction script courtesy of https://twitter.com/notsleepy/status/951564023920721921

require 'rubygems'
require "httpclient"
 
# RUN : jruby test.rb
=begin
I GET THIS CRAP:
Error: Java::JavaxNetSsl::SSLHandshakeException: Received fatal alert: handshake_failure https://jeanmartainnaturopath.com.au/likeslinks/
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient/jruby_ssl_socket.rb:495:in `initialize'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient/jruby_ssl_socket.rb:474:in `create_socket'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient/session.rb:752:in `block in connect'
org/jruby/ext/timeout/Timeout.java:149:in `timeout'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient/session.rb:748:in `connect'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient/session.rb:511:in `query'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient/session.rb:177:in `query'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient.rb:1242:in `do_get_block'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient.rb:1019:in `block in do_request'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient.rb:1133:in `protect_keep_alive_disconnected'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient.rb:1014:in `do_request'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient.rb:856:in `request'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient.rb:743:in `get'
test.rb:27:in `get_page_content'
=end
 
 
def get_page_content(path, timeout) # timeout is in seconds
  # ***** SET THE CHOICE OF LIB FOR REQUESTS HERE! ************
  usecurl = false
  #************************************************************
  begin
    # OPTION 1: CURL
    if usecurl
      status = Timeout::timeout(timeout) {
        response = Curl::Easy.new(path) do |curl| 
          curl.headers["User-Agent"] = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"
          curl.connect_timeout = timeout
          curl.ssl_verify_peer = false
        end
 
        response.perform
      }
      # OPTION 2: HTTPCLIENT
    else
      client = HTTPClient.new()
      client.connect_timeout = timeout  #give up after X seconds
      client.receive_timeout = timeout  #give up after X seconds
      client.send_timeout = timeout  #give up after X seconds
      client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
      response = client.get(path, 
        :header => {'User-Agent' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11', 'Referer' => 'http://www.google.com', }
        )
    end
  rescue => e
    puts "Error: #{$!} #{path}"
    puts e.backtrace
    return "Error retrieving: #{$!}"
  end
  return response
end
 
url = "https://jeanmartainnaturopath.com.au/likeslinks/"
response = get_page_content(url, 5000)
puts response.body

@revodoge

The problem here is likely with the Java cacerts on your machine (since JRuby is running on top of Java) and not in this gem.

The following Java snippet would confirm if that was the case:

new URL("https://letsencrypt.org/").openConnection().connect();

Your letsencrypt cert should work if you update to the latest Java, otherwise you'd have to follow these instructions

amo13 commented Sep 1, 2019

A week ago I started getting the same error without having changed anything in my jruby code or with my letsencrypt certificate, it just suddenly broke.
I am on jruby 9.2.7.0 (9.2.8 not yet available through rvm) with jruby-openssl 0.10.2 on jre8.u222.

I also tested for max key length and the allowed key length for AES is 2147483647 on my machine.

How do I run the above snippet to better sort out the problem? (I don't know java)

Any help is greatly appreciated!

amo13 commented Sep 1, 2019

Solved my problem by adding the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher to my nginx config (even though this one is considered weak as of today).
It looks like jruby-openssl (or is it java8?) and let's encrypt (certbot) do not share a common cipher any more - at least when keeping the defaults.
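
The explanation offered in the last comment (client and server sharing no cipher suite) can be checked offline by reading the suites a client offers in its ClientHello and comparing them with the server's list. The following is an added example, not code from this thread or from jruby-openssl; the ClientHello bytes and both server lists are constructed, and only the name TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 comes from the thread.

```ruby
# Added example: all inputs below are constructed, not captured from the issue.
SUITES = {
  0xC027 => "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
  0xC028 => "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
  0xC02F => "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  0xC030 => "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
  0xCCA8 => "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}.freeze

# Extract the offered cipher suite IDs from a raw TLS ClientHello record.
def offered_suites(record)
  type, _version, len = record.unpack("Cnn")
  raise ArgumentError, "not a handshake record" unless type == 22
  raise ArgumentError, "truncated record" if record.bytesize < 5 + len
  body = record.byteslice(5, len)
  raise ArgumentError, "not a ClientHello" unless body.getbyte(0) == 1
  pos = 4 + 2 + 32                 # handshake header, client version, random
  pos += 1 + body.getbyte(pos)     # skip session_id
  n = body.byteslice(pos, 2).unpack1("n")
  body.byteslice(pos + 2, n).unpack("n*")
end

# Server-preference selection. nil means the server has nothing to pick and
# answers with fatal alert handshake_failure (40), the error in this issue.
def negotiate(server_pref, client_offer)
  server_pref.find { |id| client_offer.include?(id) }
end

def suite_name(id)
  id.nil? ? "handshake_failure" : SUITES.fetch(id, format("0x%04X", id))
end

# Build a minimal ClientHello (no session id, no extensions) for the demo.
def sample_client_hello(ids)
  suites = ids.pack("n*")
  hello = [0x0303].pack("n") + ("\x00".b * 32) + "\x00".b +
          [suites.bytesize].pack("n") + suites + "\x01\x00".b + "\x00\x00".b
  hs = [1].pack("C") + [hello.bytesize].pack("N")[1, 3] + hello
  [22, 0x0301, hs.bytesize].pack("Cnn") + hs
end

hello    = sample_client_hello([0xC028, 0xC027]) # constructed: CBC suites only
gcm_only = [0xC030, 0xC02F, 0xCCA8]              # constructed server list
puts suite_name(negotiate(gcm_only, offered_suites(hello)))
puts suite_name(negotiate(gcm_only + [0xC027], offered_suites(hello)))
```
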
