SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number (OpenSSL::SSL::SSLError)

Question

When I ran https.ssl_version = :TLSv1_2

I got the error

ruby/2.1.0/net/http.rb:920:in `connect': 
SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: 
wrong version number (OpenSSL::SSL::SSLError)

Whe I changed to https.ssl_version = :SSLv3

ruby/2.1.0/net/http.rb:920:in `connect': 
SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A 
(OpenSSL::SSL::SSLError)

But I can do it without any error by rest client

resp = RestClient.post(server_url, content, header)

The ssl connection is make me confused so much.

The problem both on macos and ubuntu 14.04

UPDATE

Check my SSL parameters

Under default Ruby by `irb`

irb(main):001:0> require 'openssl'
=> true
irb(main):002:0>  OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
=> {:ssl_version=>"SSLv23", :verify_mode=>1, :ciphers=>"ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", :options=>-2147482625}

Under Rails

{
    :ssl_version => "SSLv23",
    :verify_mode => 1,
        :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
        :options => -2147482625
}
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>

Brute force to try all kind of SSL version within Rails

I changed the method by `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ssl_version]=method`

:TLSv1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>

same problem here. did you solve this? – Luccas Feb 26 '15 at 19:46 — Luccas, Feb 26 '15 at 19:46
please check the port number and address. – vidur punj Feb 24 '22 at 11:47 — vidur punj, Feb 24 '22 at 11:47

spickermann · Answer 1 · 2018-05-30T13:26:43.413

If you set the ssl_version to TLSv1_2 and the server does not support that version then you will see this error (same for SSLv3).

My guess is that RestClient probably just uses Ruby's default SSLv23. If that version is supported by the server it might just work.

Check the default for your Ruby version like this:

require 'openssl'
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
# => {
# =>     :ssl_version => "SSLv23",
# =>     :verify_mode => 1,
# =>     :ciphers     => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
# =>     :options     => -2147482625
# => }

If https.ssl_version = :TLSv1_2 does not work then I would try other versions.

You can get a list of all available versions in your Ruby with:

OpenSSL::SSL::SSLContext::METHODS

I would start with:

https.ssl_version = 'SSLv23'

Or you may want to ask the owner of the server which versions are supported.

Hi I updated my status, unfortunely, it seems the `DEFAULT_PARAMS ` are identical for the 2 environment — newBike, Oct 30 '14 at 06:02
I tried all the SSL method, but still getting error within Rails , But works outside Rails — newBike, Oct 30 '14 at 06:51

score 4 · Answer 2 · edited May 23 '17 at 11:54

 When I ran https.ssl_version = :TLSv1_2
 ...
 https.ssl_version = :SSLv3

Any peer supporting only TLS1.0 or TLS1.1 will not work with both of these tests, because the offered version is either too high or too low. It is better to leave the default to SSLv23 handshake but explicitly disable SSLv3.

To do this you need to fiddle with the options and add SSL_OP_NO_SSLv3, see https://stackoverflow.com/a/24237525/3081018

score 0 · Answer 3 · edited Jul 26 '23 at 05:56

0

For what it's worth, I'm in an Airbnb with some suspect wifi and started getting this error. I think it was some overly "helpful" firewall (or something like that) in the router. I installed Cloudflare WARP and my problems are fixed.

edited Jul 26 '23 at 05:56

starball

20,030
7
43
238

answered Jul 26 '23 at 03:11

steve

3,276
27
25

SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number (OpenSSL::SSL::SSLError)

UPDATE

Under default Ruby by irb

Under Rails

Brute force to try all kind of SSL version within Rails

3 Answers3

Under default Ruby by `irb`