Join 34,000+ subscribers and receive articles from our blog about software quality, testing, QA and security.
 

SSL errors


#1

Hi,
While test runs some of our tests can’t send info to testrail.
There is errors in log: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3
I found that it can be because of misconfiguration in SSL/TLS.(http://stackoverflow.com/questions/25814210/opensslsslsslerror-ssl-connect-syscall-returned-5-errno-0-state-sslv3-read)
Looks like you have several servers in load balancing. And some of them have wrong SSL/TLS configuration. Thats why some tests can’t send info using your API.
Can you help me to resolve this issue?

SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A["C:/Ruby193/lib/ruby/1.9.1/net/http.rb:800:in `connect'", 
"C:/Ruby193/lib/ruby/1.9.1/net/http.rb:800:in `block in connect'", "C:/Ruby193/lib/ruby/1.9.1/timeout.rb:55:in `timeout'", "C:/Ruby193/lib/ruby/1.9.1/timeout.rb:100:in `timeout'", 
"C:/Ruby193/lib/ruby/1.9.1/net/http.rb:800:in `connect'", "C:/Ruby193/lib/ruby/1.9.1/net/http.rb:756:in `do_start'", "C:/Ruby193/lib/ruby/1.9.1/net/http.rb:745:in `start'",
 "C:/Ruby193/lib/ruby/1.9.1/net/http.rb:1285:in `request'", "C:/BuildAgent/work/24b7f64ed6c6a22a/Ruby_Autotests/common/testrail.rb:82:in `_send_request'",
 "C:/BuildAgent/work/24b7f64ed6c6a22a/Ruby_Autotests/common/testrail.rb:45:in `send_get'", 
"C:/BuildAgent/work/24b7f64ed6c6a22a/Ruby_Autotests/common/test_rail_reporting.rb:59:in `get_test_id'",

#2

Hello Viktor,

Thanks for your posting. This looks like a SSL client/server version mismatch. We disabled SSLv3 everywhere on our systems last year as this is longer considered secure (POODLE). Could you please check if your client library also supports TLS and if you can force this? The StackOverflow article you linked to includes an example for this.

Regards,
Tobias


#3

I’ve updated Ruby 1.9.3 to the latest version.

ruby 1.9.3p551 (2014-11-13) [i386-mingw32] OpenSSL 1.0.0o 15 Oct 2014
Still same errors.

I’ve added ssl version TLSv1 in testrail.rb

if url.scheme == 'https'
                conn.verify_mode = OpenSSL::SSL::VERIFY_NONE
                conn.use_ssl = true
                conn.ssl_version = :TLSv1
                conn.ciphers = ['RC4-SHA']
            end

Still same errors.

The bigest strange is that not all tests have this errors and tests with this errors are allways different.


#4

Hello Viktor,

Thanks for the update. Do you use a self-hosted TestRail installation or an instance on our servers (testrail.com/net)? If the latter, could you please send us the address to our help desk at contact@gurock.com?

Regards,
Tobias


#5

I sent it.


#6

Thanks, Viktor. We are working on this and will get back to you via email.

Regards,
Tobias