jruby-openssl

SSL handshake failure

Open nackep opened this issue 8 years ago • 9 comments

SSL fails with latest http gem under jruby:

jruby-9.0.4.0 :031 > require "http"
 => true
jruby-9.0.4.0 :032 > HTTP.get("https://blocktrades.us")
OpenSSL::SSL::SSLError: Received fatal alert: handshake_failure
	from org/jruby/ext/openssl/SSLSocket.java:218:in `connect'
	from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/timeout/null.rb:26:in `connect_ssl'
	from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/timeout/null.rb:35:in `start_tls'
	from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/connection.rb:158:in `start_tls'
	from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/connection.rb:44:in `initialize'
	from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/client.rb:60:in `perform'
	from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/client.rb:41:in `request'
	from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/chainable.rb:75:in `request'
	from /home/.rvm/gems/jruby-9.0.4.0/gems/http-2.2.2/lib/http/chainable.rb:19:in `get'
	from (irb):32:in `'
	from org/jruby/RubyKernel.java:978:in `eval'
	from org/jruby/RubyKernel.java:1291:in `loop'
	from org/jruby/RubyKernel.java:1098:in `catch'
	from org/jruby/RubyKernel.java:1098:in `catch'
	from /home/user/.rvm/rubies/jruby-9.0.4.0/bin/irb:13:in `'

SSL is working: https://www.sslshopper.com/ssl-checker.html#hostname=blocktrades.us

thank you heroes <3



nackep avatar Jun 17 '17 12:06 nackep

jruby-openssl (0.9.20-java)

nackep avatar Jun 17 '17 13:06 nackep

could you upgrade to latest 9.1 (or at least 9.0.5) and then also report back your JVM version. some older JRuby 9.x had an issue with not picking up the latest jruby-openssl gem even when it's installed

kares avatar Jun 22 '17 07:06 kares

same error upgrading to JRuby 9.1.7.0 thanks

nackep avatar Jun 24 '17 20:06 nackep

could you upgrade to latest 9.1 (or at least 9.0.5) and then also report back your JVM version.

kares avatar Jun 25 '17 06:06 kares

jruby 9.1.7.0 (2.3.1) 2017-01-11 68056ae Java HotSpot(TM) Client VM 25.66-b17 on 1.8.0_66-b17 +jit [linux-i386]
jruby-openssl (0.9.20 java, 0.9.18 java)

thanks

nackep avatar Jun 25 '17 21:06 nackep

This is still failing on JRuby master, but we have a reproduction script courtesy of https://twitter.com/notsleepy/status/951564023920721921

require 'rubygems'
require "httpclient"
 
# RUN : jruby test.rb
=begin
I GET THIS CRAP:
Error: Java::JavaxNetSsl::SSLHandshakeException: Received fatal alert: handshake_failure https://jeanmartainnaturopath.com.au/likeslinks/
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient/jruby_ssl_socket.rb:495:in `initialize'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient/jruby_ssl_socket.rb:474:in `create_socket'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient/session.rb:752:in `block in connect'
org/jruby/ext/timeout/Timeout.java:149:in `timeout'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient/session.rb:748:in `connect'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient/session.rb:511:in `query'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient/session.rb:177:in `query'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient.rb:1242:in `do_get_block'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient.rb:1019:in `block in do_request'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient.rb:1133:in `protect_keep_alive_disconnected'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient.rb:1014:in `do_request'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient.rb:856:in `request'
/Users/tony/.rvm/gems/jruby-9.1.12.0/gems/httpclient-2.8.3/lib/httpclient.rb:743:in `get'
test.rb:27:in `get_page_content'
=end
 
 
def get_page_content(path, timeout) # timeout is in seconds
  # ***** SET THE CHOICE OF LIB FOR REQUESTS HERE! ************
  usecurl = false
  #************************************************************
  begin
    # OPTION 1: CURL
    if usecurl
      status = Timeout::timeout(timeout) {
        response = Curl::Easy.new(path) do |curl| 
          curl.headers["User-Agent"] = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"
          curl.connect_timeout = timeout
          curl.ssl_verify_peer = false
        end
 
        response.perform
      }
      # OPTION 2: HTTPCLIENT
    else
      client = HTTPClient.new()
      client.connect_timeout = timeout  #give up after X seconds
      client.receive_timeout = timeout  #give up after X seconds
      client.send_timeout = timeout  #give up after X seconds
      client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
      response = client.get(path, 
        :header => {'User-Agent' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11', 'Referer' => 'http://www.google.com', }
        )
    end
  rescue => e
    puts "Error: #{$!} #{path}"
    puts e.backtrace
    return "Error retrieving: #{$!}"
  end
  return response
end
 
url = "https://jeanmartainnaturopath.com.au/likeslinks/"
response = get_page_content(url, 5000)
puts response.body

headius avatar Jan 12 '18 14:01 headius

the problem here is likely with the Java cacerts on your machine (since JRuby is running on top of Java) and not in this gem.

The following Java snippet would confirm if that was the case

new URL("https://letsencrypt.org/").openConnection().connect();

Your letsencrypt cert should work if you update to the latest Java, otherwise you'd have to follow these instructions

revodoge avatar May 11 '18 02:05 revodoge

A week ago I started getting the same error without having changed anything in my jruby code or with my letsencrypt certificate, it just suddenly broke. I am on jruby 9.2.7.0 (9.2.8 not yet available through rvm) with jruby-openssl 0.10.2 on jre8.u222.

I also tested for max key length and the allowed key length for AES is 2147483647 on my machine.

How do I run the above snippet to better sort out the problem? (I don't know java)

Any help is greatly appreciated!

amo13 avatar Sep 01 '19 10:09 amo13

Solved my problem by adding the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher to my nginx config (even though this one is considered weak as of today). It looks like jruby-openssl (or is it java8?) and let's encrypt (certbot) do not share a common cipher any more - at least when keeping the defaults.

amo13 avatar Sep 01 '19 13:09 amo13
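
The cipher mismatch described in the last comment, as an added example that is not part of the original thread or of jruby-openssl: it compares the suites a client offers (IANA names, as Java reports them) with an nginx `ssl_ciphers` value (OpenSSL names) and reports whether any suite is shared. The client and server lists are constructed sample values, the helper names are hypothetical, and only explicit suite names are handled (keywords such as `HIGH` are not expanded; protocol version and key type are ignored).

```ruby
# Added example. IANA suite names (as Java/JSSE reports them) mapped to the
# OpenSSL names that nginx's ssl_ciphers directive uses.
IANA_TO_OPENSSL = {
  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"       => "ECDHE-RSA-AES128-GCM-SHA256",
  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"       => "ECDHE-RSA-AES256-GCM-SHA384",
  "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" => "ECDHE-RSA-CHACHA20-POLY1305",
  "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"       => "ECDHE-RSA-AES128-SHA256",
  "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"       => "ECDHE-RSA-AES256-SHA384"
}.freeze

# Constructed sample data (assumptions, not taken from the thread):
CLIENT_OFFER = %w[
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
].freeze
NGINX_BEFORE = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:" \
               "ECDHE-RSA-CHACHA20-POLY1305"
NGINX_AFTER  = NGINX_BEFORE + ":ECDHE-RSA-AES128-SHA256"

# Split an ssl_ciphers value into explicit suite names; exclusions and
# ordering operators (!x, -x, +x) are skipped, keywords are not expanded.
def parse_nginx_ciphers(value)
  value.split(":").map(&:strip).reject { |c| c.empty? || c.start_with?("!", "-", "+") }
end

# Suites the client offers that the server also accepts, in client order.
def shared_suites(client_iana, server_openssl)
  client_iana.select { |iana| server_openssl.include?(IANA_TO_OPENSSL[iana]) }
end

# :handshake_failure when nothing overlaps; otherwise :ok, plus a flag when
# every shared suite is CBC-mode (no AEAD suite available to negotiate).
def diagnose(client_iana, nginx_value)
  shared = shared_suites(client_iana, parse_nginx_ciphers(nginx_value))
  return { result: :handshake_failure, shared: [], cbc_only: false } if shared.empty?
  { result: :ok, shared: shared, cbc_only: shared.all? { |s| s.include?("_CBC_") } }
end

if __FILE__ == $PROGRAM_NAME
  p diagnose(CLIENT_OFFER, NGINX_BEFORE)
  p diagnose(CLIENT_OFFER, NGINX_AFTER)
end
```

On a real client, the offered list can be read from the running JVM or from `OpenSSL::SSL::SSLContext.new.ciphers` and passed in place of `CLIENT_OFFER`.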