7

I have a nodejs app on openshift, and we use the rhc port-forward command to connect to our database when we develop locally.

We have implemented passport to authenticate users through google and through facebook. I have authenticated my self, and we could still use the rhc commands. My partner has recently authenticated himself through facebook, and shortly after that (~1 week), we got this error thrown our way. Dont know if that is entirely relevant, but it couldn't hurt to include. 

Connection to openshift.redhat.com failed: A secure connection could not be established to the   server
(SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure). You may
disable secure connections to your server with the -k (or --insecure) option
'https://openshift.redhat.com/broker/rest/api'.

If your server is using a self-signed certificate, you may disable certificate checks with the -k (or
--insecure) option. Using this option means that your data is potentially visible to third parties.

Any ideas on how to resolve this? I have seen this error on other stack questions, but every question I saw, the people posing the question were using ruby.

timo.rieber
  • 3,727
  • 3
  • 32
  • 47
user2796352
  • 974
  • 3
  • 14
  • 23
  • Perhaps this has to do with POODLE and the disabling of SSLv3 on the server-side. You might try forcing TLS 1.x when connecting to the server. – mscdex Oct 22 '14 at 19:09

3 Answers3

13

This is likely a result of the POODLE SSLv3 debacle. You can fix it by updating the httpclient ruby gem. At the command line type: 

sudo gem update httpclient

Or you can also fix it by adding the following to your .openshift/express.conf file:

ssl_version=tlsv1

Both of these fixes essentially tell your app to use TLSv1 instead of SSLv3.

milesaron
  • 385
  • 3
  • 12
  • "sudo gem install httpclient" is not work for me. I got "An unexpected error occured: undefined method `[]' for nil:NilClass" instead. "gem update rhc" fixed. – coordinate Oct 23 '14 at 03:28
  • 1
    This did not work for me, either, but `gem update rhc` did (see my comment to the answer below). It updated `rhc`, and also updated `httpclient` to `httpclient-2.5.3.3`. Did you mean `update` instead of `install`, or are the cases where `install` will suffice? – John Schmidt Dec 01 '14 at 19:39
  • @JohnSchmidt, install works if you are using a new gemset or something but most of all I believe update should be used. You could also use install with the -v option if you don't want to update to the latest version but to a specific version you know will work. – Tyrone Wilson Jan 06 '15 at 05:06
  • My answer worked for me but it looks like the answer below using "gem update rhc" was more widely useful so although this is ancient and not a problem anymore I'd recommend that answer first probably – milesaron Nov 05 '17 at 18:06
7

The rhc gem has been updated, please run gem update rhc and you will get the newest fixed version.

coordinate
  • 15,224
  • 6
  • 24
  • 24
  • This also worked for me, beautifully. `update` worked where every iteration of `install`, or `uninstall` followed by `install`, etc. failed. It updated `rhc` to `rhc-1.32.2` and `httpclient` to `httpclient-2.5.3.3`. So where `install` doesn't work, try `update`. I don't know enough about the **rubygems** system to know why `update` would succeed when a fresh install doesn't, but that was my experience, in this instance at least. – John Schmidt Dec 01 '14 at 19:32
1

I had the same issue on Windows with ruby 1.9.3 and httpclient 2.3.4.1

gem update httpclient updated the same to 2.5.3.3 and thus fixed the issue.

Bernhard
  • 686
  • 8
  • 20