Receiving "SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure" with openshift nodejs app

Asked 22/10, 2014 at 18:20 Answered 19/11, 2014 at 18:35

Solved node.js ssl openshift openshift-client-tools

I have a nodejs app on openshift, and we use the rhc port-forward command to connect to our database when we develop locally.

We have implemented passport to authenticate users through google and through facebook. I have authenticated my self, and we could still use the rhc commands. My partner has recently authenticated himself through facebook, and shortly after that (~1 week), we got this error thrown our way. Dont know if that is entirely relevant, but it couldn't hurt to include.

Connection to openshift.redhat.com failed: A secure connection could not be established to the   server
(SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure). You may
disable secure connections to your server with the -k (or --insecure) option
'https://openshift.redhat.com/broker/rest/api'.

If your server is using a self-signed certificate, you may disable certificate checks with the -k (or
--insecure) option. Using this option means that your data is potentially visible to third parties.

Any ideas on how to resolve this? I have seen this error on other stack questions, but every question I saw, the people posing the question were using ruby.

Amarillo answered 22/10, 2014 at 18:20 Comment(1)

Perhaps this has to do with POODLE and the disabling of SSLv3 on the server-side. You might try forcing TLS 1.x when connecting to the server. – Pileum 22/10, 2014 at 19:9

This is likely a result of the POODLE SSLv3 debacle. You can fix it by updating the httpclient ruby gem. At the command line type:

sudo gem update httpclient

Or you can also fix it by adding the following to your .openshift/express.conf file:

ssl_version=tlsv1

Both of these fixes essentially tell your app to use TLSv1 instead of SSLv3.

Average answered 22/10, 2014 at 19:52 Comment(4)

"sudo gem install httpclient" is not work for me. I got "An unexpected error occured: undefined method `[]' for nil:NilClass" instead. "gem update rhc" fixed. – Whooper 23/10, 2014 at 3:28

This did not work for me, either, but gem update rhc did (see my comment to the answer below). It updated rhc, and also updated httpclient to httpclient-2.5.3.3. Did you mean update instead of install, or are the cases where install will suffice? – Enemy 1/12, 2014 at 19:39

@JohnSchmidt, install works if you are using a new gemset or something but most of all I believe update should be used. You could also use install with the -v option if you don't want to update to the latest version but to a specific version you know will work. – Kaolin 6/1, 2015 at 5:6

My answer worked for me but it looks like the answer below using "gem update rhc" was more widely useful so although this is ancient and not a problem anymore I'd recommend that answer first probably – Average 5/11, 2017 at 18:6

The rhc gem has been updated, please run gem update rhc and you will get the newest fixed version.

Whooper answered 23/10, 2014 at 3:27 Comment(1)

This also worked for me, beautifully. update worked where every iteration of install, or uninstall followed by install, etc. failed. It updated rhc to rhc-1.32.2 and httpclient to httpclient-2.5.3.3. So where install doesn't work, try update. I don't know enough about the rubygems system to know why update would succeed when a fresh install doesn't, but that was my experience, in this instance at least. – Enemy 1/12, 2014 at 19:32

I had the same issue on Windows with ruby 1.9.3 and httpclient 2.3.4.1

gem update httpclient updated the same to 2.5.3.3 and thus fixed the issue.

Borrow answered 19/11, 2014 at 18:35 Comment(0)

Recommended topics

Hot tags