Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bundle install stops with handshake_failure trying to fetch specs from rails-assets.org #3764

Closed
ghost opened this issue Mar 29, 2016 · 5 comments

Comments

@ghost
Copy link

ghost commented Mar 29, 2016

Environment

Jruby-9.0.5.0
Windows 10 x86_64, MacOS (not windows-specific)
jruby-openssl-0.9.16
Oracle JDK 1.8.0_77

Expected Behavior

Expect this script

require 'net/http'
require 'openssl'

uri = URI.parse('https://rails-assets.org/specs-4.8.gz')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Get.new(uri.request_uri)
response = http.request(request)

to run successfully.

Actual Behavior

I'm getting OpenSSL::SSL::SSLError: Received fatal alert: handshake_failure
Trace:

    from org/jruby/ext/openssl/SSLSocket.java:215:in `connect'
    from C:/jruby-9.0.5.0/lib/ruby/stdlib/net/http.rb:927:in `block in connect'
    from org/jruby/ext/timeout/Timeout.java:127:in `timeout'
    from C:/jruby-9.0.5.0/lib/ruby/stdlib/net/http.rb:927:in `connect'
    from C:/jruby-9.0.5.0/lib/ruby/stdlib/net/http.rb:867:in `do_start'
    from C:/jruby-9.0.5.0/lib/ruby/stdlib/net/http.rb:856:in `start'
    from C:/jruby-9.0.5.0/lib/ruby/stdlib/net/http.rb:1388:in `request'

I have seen this issue and tried setting ssl_version, which didn't help at all.

@enebo enebo added the openssl label Mar 29, 2016
@enebo
Copy link
Member

enebo commented Mar 29, 2016

I added a line I think you accidentally deleted when you entered this issue (request= line...). I can reproduce this on MacOS so I think this is a generic openssl thing. I tried some of the TLS config flags to JVM mentioned in #2220 and I can confirm those do not change this behavior. I did confirm this does work on MRI 2.3 too.

@kares @mkristian you guys have any thoughts on this.

@mkristian
Copy link
Member

I could reproduce the error with jdk8 but jdk7 did work for me on my macos

got the idea from https://www.ssllabs.com/ssltest/analyze.html?d=rails-assets.org which does actually indicate the opposite outcome.

@lumrandir did you try different JDKs ?

@ghost
Copy link
Author

ghost commented Mar 30, 2016

@mkristian Oh, sorry, I forgot to mention JDK version being used. Added the line in the issue description. Tried this on JDK 7u79, and It works just fine. Guess I'll stick with it for a while.

@hut8
Copy link

hut8 commented Apr 3, 2016

Hey @mkristian and @lumrandir . I was able to reproduce this issue on jruby 9.0.5.0 with JDK 8. I did quite a bit of research and I think I found a solution.

I just changed the configuration for the cipher suites on that site (tenex/rails-assets@3120e5b). Can you try again with the same URL and confirm it doesn't break your JDK 7?

@ghost
Copy link
Author

ghost commented Apr 5, 2016

@hut8 it works OK on JDK 7/8, thank you. Guess I can close the issue now.

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants