SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A - Faraday::Error::ConnectionFailed

Cleyton picture Cleyton · Apr 22, 2014 · Viewed 14.2k times · Source

I've seen many answers here, but none of them has worked.

I'm using omniauth-oauth2 gem to integrate with a third-party customer.

I'm using the setup phase described here but I'm always getting this error:

Authentication failure! failed_to_connect: Faraday::Error::ConnectionFailed, SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A

Faraday::Error::ConnectionFailed (SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3     read server hello A):
.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in `connect'
.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in `block in connect'

My initializer at config/initializers is:

Rails.application.config.middleware.use OmniAuth::Builder do
  client_id = 'my_client_id'
  client_secret = 'secret'

  ca_file = Rails.root.join('config', 'cacert.pem').to_s

  ssl_options = {}
  ssl_options[:ca_path] = '/usr/local/etc/openssl'
  ssl_options[:ca_file] = ca_file

  provider :my_partner_provider, client_id, client_secret,  :client_options => {:ssl => ssl_options},
    setup: ->(env){
    req = Rack::Request.new(env)
    site = "https://#{req.params.fetch('shop')}"
    env['omniauth.strategy'].options[:client_options][:site]  = site
  }
end

I've tried with and without ssl options.

To complement, here's my stack: https://gist.github.com/cleytonmessias/11274209

I've typed in terminal openssl s_client -showcerts -connect partnerurl.com:443 <<<OK and it returned this: https://gist.github.com/cleytonmessias/11288646

Does anyone know the solution to this issue?

Answer

Cleyton picture Cleyton · Apr 29, 2014

Thanks to @mislav who give the hint to change SSL version.

I had to change this because my partner has its application built using asp.net and uses this version of SSL. More info at https://mislav.net/2013/07/ruby-openssl/

So the final code is as follows:

Rails.application.config.middleware.use OmniAuth::Builder do
  client_id = 'my_client_id'
  client_secret = 'secret'

  ssl_options = {}
  ssl_options[:version] = :TLSv1

  ssl = {}
  ssl[:ssl] =  ssl_options

  provider :partner, client_id, client_secret,
    client_options: { connection_opts: ssl} ,
    setup: ->(env){
    req = Rack::Request.new(env)
    token_url = "https://#{req.params.fetch('shop')}"
    env['omniauth.strategy'].options[:client_options][:token_url] = token_url
  }
end