Bug #19073
closed
openssl gem 3.0.0 problem
Description
We have a server using openssl 3.0.3 (i.e. written i C).
This has worked with all kinds of different clients (ruby, C, java...) without any problem... except now, with the latest ruby gem, openssl 3.0.0.
The behavior is odd: It successfully connects, and exchanges a request and response, and then it seems the client just disconnects (from the server's perspective; there's no difference in the debug output from openssl from a normal disconnect, it just happens prematurely).
We have pin-pointed the problem to the transition from gem version 2.2.1 to 3.0.0:
| ruby | gem | OpenSSL::OPENSSL_VERSION | Works? |
|---|---|---|---|
| ruby 3.0.4p208 (2022-04-12 revision 3fa771dded) [x86_64-linux] | openssl (default: 2.2.1) | OpenSSL 1.1.1k FIPS 25 Mar 2021 | Yes |
| ruby 3.1.0p0 (2021-12-25 revision fb4df44d16) [x86_64-linux] | openssl (default: 3.0.0) | OpenSSL 1.1.1k FIPS 25 Mar 2021 | No |
The same problem remains in ruby 3.1.2 (which has the same gem as 3.1.0). This was tested on AlmaLinux 8.4 (i.e. Redhat 8.4).
Updated by retro (Josef Šimánek) over 1 year ago
Can you share more details to reproduce like Dockerfile? Also if I understand it well, Ruby OpenSSL issues are tracked at https://github.com/ruby/openssl/issues now.
Updated by hspem (Per-Erik Martin) over 1 year ago
retro (Josef Šimánek) wrote in #note-1:
Can you share more details to reproduce like Dockerfile? Also if I understand it well, Ruby OpenSSL issues are tracked at https://github.com/ruby/openssl/issues now.
Sorry, no. Ok, I wasn't aware of this. Should I report it there instead?
Updated by rhenium (Kazuki Yamaguchi) over 1 year ago
- Status changed from Open to Third Party's Issue
Yes, openssl issues should go to the GitHub.
But we need a way to reproduce the problem, or at least some clues, to investigate further. As a starter, you can try other combinations, such as Ruby 3.0.x + openssl 3.0.x or Ruby 3.1.x + openssl 2.2.x.
Updated by hspem (Per-Erik Martin) over 1 year ago
rhenium (Kazuki Yamaguchi) wrote in #note-3:
Yes, openssl issues should go to the GitHub.
But we need a way to reproduce the problem, or at least some clues, to investigate further. As a starter, you can try other combinations, such as Ruby 3.0.x + openssl 3.0.x or Ruby 3.1.x + openssl 2.2.x.
I just managed to try the other two combinations of ruby and gem versions, and a bit unexpected, it seems it actually depends on the ruby version.
That is, ruby 3.0.4 with openssl 3.0.0 still works, and ruby 3.1.0 with openssl 2.2.1 still does not work.