1

Summary: When I connect to Litmus via the gem, I get the following error:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 unrecognized name

Accessing the api via curl with the same credentials works OK.

I found this solution for a similar error: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A - Faraday::Error::ConnectionFailed

Which recommends changing the SSL options in oauth:

ssl_options[:version] = :TLSv1

Is there a way to set the ssl options for Litmus? Is there another possible workaround?

Here's the full trace:

2.0.0-p247 :002 > Litmus::Base.new("xxx.litmus.com", "yyy@yyy.com", "zzz", true)
 => #<Litmus::Base:0x007fad4a66dc68> 
2.0.0-p247 :003 > Litmus::EmailTest.list
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 unrecognized name
  from /Users/andrei/.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in `connect'
  from /Users/andrei/.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in `block in connect'
  from /Users/andrei/.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/timeout.rb:52:in `timeout'
  from /Users/andrei/.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in `connect'
  from /Users/andrei/.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/net/http.rb:862:in `do_start'
  from /Users/andrei/.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/net/http.rb:851:in `start'
  from /Users/andrei/.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/net/http.rb:1367:in `request'
  from /Users/andrei/.rvm/gems/ruby-2.0.0-p247/gems/httparty-0.13.1/lib/httparty/request.rb:93:in `perform'
  from /Users/andrei/.rvm/gems/ruby-2.0.0-p247/gems/httparty-0.13.1/lib/httparty.rb:521:in `perform_request'
  from /Users/andrei/.rvm/gems/ruby-2.0.0-p247/gems/httparty-0.13.1/lib/httparty.rb:457:in `get'
  from /Users/andrei/.rvm/gems/ruby-2.0.0-p247/gems/litmus-0.3.0/lib/litmus/test.rb:4:in `list'
  from /Users/andrei/.rvm/gems/ruby-2.0.0-p247/gems/litmus-0.3.0/lib/litmus/email_test.rb:4:in `list'
  from (irb):3
  from /Users/andrei/.rvm/rubies/ruby-2.0.0-p247/bin/irb:16:in `<main>'
aaandre
  • 2,502
  • 5
  • 33
  • 46
  • It sounds like the server requires a servername through SNI. Unfortunately, I don't know how to do it with Ruby. You can verify it with OpenSSL's `s_client`: `openssl s_client -tls1 -connect www.litmus.com:443 -servername litmus.com`. If it succeeds, then omit `-servername`. `-servername` sends the SNI extension. – jww Jul 11 '14 at 19:50
  • `Litmus::EmailTest...` - also, email can be different than HTTPS. With some email protocols, you establish a TCP connection and then enable TLS with `STARTTLS` extension. – jww Jul 11 '14 at 19:52

1 Answers1

1

I'm thinking you'll need to patch base.rb's initialize method to accept an ssl version parameter, and then add something like this to the method:

def initialize(company, username, password, ssl = false, ssl_version)
  protocol = ssl ? 'https' : 'http'
  self.class.base_uri "#{protocol}://#{company}.litmus.com"
  self.class.basic_auth(username, password)
  self.class.ssl_version = ssl_version # <=
end

Then call it like:

Litmus::Base.new("xxx.litmus.com", "yyy@yyy.com", "zzz", true, :TLSv1)

Hope that helps, I did notice you posted an issue of the same topic in their Github repo. Perhaps you can fork & create a pull request.

Brian
  • 6,820
  • 3
  • 29
  • 27
  • Thank you. I am getting `undefined method 'ssl_version=' for Litmus::Base:Class (NoMethodError)` which is strange because HTTParty does expose the `ssl_version=` method. Any ideas? – aaandre Jul 11 '14 at 19:02
  • hrm, that is indeed strange, just for giggles, try reverting what you changed, and just add the following `ssl_version = :TLSv1` after the `include HTTParty` statement in base.rb (outside of the initialize method). – Brian Jul 11 '14 at 19:10
  • OK, assigning SSL version works, but without the `=`, both on the class and in initialize. Unfortunately, still an SSL error: `SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: tlsv1 unrecognized name (OpenSSL::SSL::SSLError)` – aaandre Jul 11 '14 at 19:30
  • I'm afraid I may not be of more assistance, however I found the following question that may be somehow related to yours: http://stackoverflow.com/questions/17369962/opensslsslsslerror-ssl-connect-returned-1-errno-0-state-unknown-state-unkn . Maybe that will help point you in the right direction? – Brian Jul 11 '14 at 20:13
  • If that doesn't help, I'll delete my answer – Brian Jul 11 '14 at 20:17
  • Please do not delete your answer, it is relevant to "how to provide ssl_version" part. Yet, I will hold off with accepthing an answer as this turned out to not resolve the error. – aaandre Jul 11 '14 at 20:27