em-http-request
TLS protocol / version support issue TLSv3 support needed
One of the servers I'm using is now returning this. Argh.
> error : SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: tlsv1 alert protocol version
I have some old code that uses em-http-request and I see code that looks like this:
```ruby
class NetHTTPClient < APIClient
  def initialize(api_key = '', api_secret = '', api_pass = '', options = {})
    super(api_key, api_secret, api_pass, options)
    @conn = Net::HTTP.new(@api_uri.host, @api_uri.port)
    @conn.use_ssl = true if @api_uri.scheme == 'https'
    @conn.cert_store = self.class.whitelisted_certificates
    @conn.ssl_version = :TLSv1
  end

  private

  def http_verb(method, path, body = nil)
    case method
    when 'GET' then req = Net::HTTP::Get.new(path)
    when 'POST' then req = Net::HTTP::Post.new(path)
    when 'DELETE' then req = Net::HTTP::Delete.new(path)
    else fail
    end
```
here: https://github.com/Tectract/gdax-client/blob/master/lib/coinbase/exchange/adapters/net_http.rb

`@conn.ssl_version = :TLSv1`

That line is surely a problem. How can I update to allow it to connect to the SSLV3 server? I believe this is related to SNI support...
I'm terribly allergic to poodles! Is there any way to update the server to TLSv1.3 before I make a visit?
Luckily I tracked down this issue, it was actually making a request through the newrelic_rpm gem, NET::http method, which appears deprecated, lol. I was able to get it to connect to coinbase REST API again by updating this one line:

`@conn.ssl_version = :TLSv1`

to:

`@conn.ssl_version = :TLSv1_2`

Thankfully! All the new TLS NMI and version updates are causing havoc for old Linux / rails / ruby implementations that used OpenSSL TLSv1. It's not the first time I have done battle with it, lol.

Luckily my TLS stack for the webserver itself is upgraded and secured with TLS 1.3. This is just a backend call to a third-party data provider, so as long as it works, I'm happy :)
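
An added example, not part of the thread or of the gdax-client code: `ssl_version = :TLSv1_2` fixes the handshake but still pins one version, so the same alert returns when a server stops accepting TLS 1.2. Setting `min_version` on `Net::HTTP` (Ruby 2.5+) sets a floor and lets the handshake negotiate upward. The helper names `build_connection` and `tls_findings` and the host `api.example.com` are assumptions made for illustration.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

TLS_FLOOR = OpenSSL::SSL::TLS1_2_VERSION

# Build a client that sets a minimum version and lets the handshake pick
# the highest version both sides support, instead of pinning one version.
def build_connection(url, cert_store: nil)
  uri = URI(url)
  conn = Net::HTTP.new(uri.host, uri.port)
  return conn unless uri.scheme == 'https'

  conn.use_ssl = true
  conn.verify_mode = OpenSSL::SSL::VERIFY_PEER
  conn.cert_store = cert_store if cert_store
  conn.min_version = TLS_FLOOR
  conn
end

# Report version settings on a Net::HTTP object that will break (or weaken)
# the handshake as servers retire old protocol versions.
def tls_findings(conn)
  return ['TLS is not enabled'] unless conn.use_ssl?

  findings = []
  pin = conn.ssl_version
  findings << "ssl_version set to #{pin}; use min_version instead" if pin
  min = conn.min_version
  # min_version accepts an Integer constant or a Symbol such as :TLS1_2.
  min = OpenSSL::SSL.const_get("#{min}_VERSION") if min.is_a?(Symbol)
  if min.nil?
    findings << 'min_version not set'
  elsif min < TLS_FLOOR
    findings << format('min_version 0x%04x is below TLS 1.2', min)
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  legacy = Net::HTTP.new('api.example.com', 443) # constructed host
  legacy.use_ssl = true
  legacy.ssl_version = :TLSv1 # the setting quoted in the issue
  puts tls_findings(legacy)
  puts tls_findings(build_connection('https://api.example.com')).inspect
end
```

Nothing here opens a socket; the settings are applied to the `OpenSSL::SSL::SSLContext` only when the connection is started.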