Bug #9822

Ruby doesn't respect system OpenSSL configuration

Added by Envek (Andrey Novikov) almost 5 years ago. Updated about 1 year ago.

Target version:
ruby -v:
ruby 2.2.0dev (2014-05-10 trunk 45893) [x86_64-linux]



I need to work with SSL (HTTPS) with GOST encryption, but ruby doesn't connect to the servers that requires GOST algorithms to be used for encryption.

The issue is in fact, that it is required to modify system OpenSSL config to GOST work properly (see GOST engine README in OpenSSL source:

If system OpenSSL correctly configured, openssl tools works fine (e.g. openssl s_client will connect).

But even the system with OpenSSL configured ruby would not connect to the GOST HTTPS servers.


After some googling I've found post from people who have patched PHP to work with GOST HTTPS, and I've tried to make the similar patch for Ruby. There is also info, that other software like curl also needs such a patching. (Post (in russian):

And it works!

Patch is attached to this issue. I've tested it with 2.1.1 and today trunk in Ubuntu Linux 12.04 and Mac OS X 10.9 (both with RVM).

How to test

Upgrade and configure your OpenSSL (you need version 1.0.0 or above), instructions for configuring and testing can be found in links above.

Try to execute attached ssl_example.rb script (it effectively downloads root page of site, that I've configured for this, be aware that usual browsers won't be able to connect to it and only Firefox will display useful error message)

You should get some text with SSL connection info to STDOUT if it works and exception otherwise.

Another server for test:


For HTTPS with GOST I've written a little gem that wrapping openssl s_client utility:


respect_system_openssl_settings.patch (430 Bytes) respect_system_openssl_settings.patch Patch that fixes this bug Envek (Andrey Novikov), 05/09/2014 08:21 PM
ssl_example.rb (558 Bytes) ssl_example.rb Test script Envek (Andrey Novikov), 05/09/2014 08:21 PM


Updated by zzak (Zachary Scott) almost 5 years ago

  • Status changed from Open to Assigned

Updated by Envek (Andrey Novikov) almost 5 years ago

Can anyone review this? Patch is very simple (one line!).

Also, there is related issue:

Updated by zzak (Zachary Scott) almost 5 years ago

  • Target version set to 2.2.0

Updated by zzak (Zachary Scott) over 3 years ago

  • Assignee changed from MartinBosslet (Martin Bosslet) to openssl

Updated by wolfer (Sergey Fedosov) over 2 years ago

much needed patch, I often used gost-crypt

Updated by mayduavongts (mayduavong mayduavongts) about 1 year ago

Thanks for sharing, nice post! Post really provice useful information!

Also available in: Atom PDF