Bug #9822


Ruby doesn't respect system OpenSSL configuration

Added by Envek (Andrey Novikov) about 9 years ago. Updated over 3 years ago.

Target version:
ruby -v:
ruby 2.2.0dev (2014-05-10 trunk 45893) [x86_64-linux]



I need to work with SSL (HTTPS) with GOST encryption, but ruby doesn't connect to the servers that requires GOST algorithms to be used for encryption.

The issue is in fact, that it is required to modify system OpenSSL config to GOST work properly (see GOST engine README in OpenSSL source:

If system OpenSSL correctly configured, openssl tools works fine (e.g. openssl s_client will connect).

But even the system with OpenSSL configured ruby would not connect to the GOST HTTPS servers.


After some googling I've found post from people who have patched PHP to work with GOST HTTPS, and I've tried to make the similar patch for Ruby. There is also info, that other software like curl also needs such a patching. (Post (in russian):

And it works!

Patch is attached to this issue. I've tested it with 2.1.1 and today trunk in Ubuntu Linux 12.04 and Mac OS X 10.9 (both with RVM).

How to test

Upgrade and configure your OpenSSL (you need version 1.0.0 or above), instructions for configuring and testing can be found in links above.

Try to execute attached ssl_example.rb script (it effectively downloads root page of site, that I've configured for this, be aware that usual browsers won't be able to connect to it and only Firefox will display useful error message)

You should get some text with SSL connection info to STDOUT if it works and exception otherwise.

Another server for test:


For HTTPS with GOST I've written a little gem that wrapping openssl s_client utility:


respect_system_openssl_settings.patch (430 Bytes) respect_system_openssl_settings.patch Patch that fixes this bug Envek (Andrey Novikov), 05/09/2014 08:21 PM
ssl_example.rb (558 Bytes) ssl_example.rb Test script Envek (Andrey Novikov), 05/09/2014 08:21 PM

Updated by zzak (Zak Scott) about 9 years ago

  • Status changed from Open to Assigned

Updated by Envek (Andrey Novikov) almost 9 years ago

Can anyone review this? Patch is very simple (one line!).

Also, there is related issue:

Updated by zzak (Zak Scott) almost 9 years ago

  • Target version set to 2.2.0
Actions #4

Updated by zzak (Zak Scott) over 7 years ago

  • Assignee changed from MartinBosslet (Martin Bosslet) to 7150

Updated by wolfer (Sergey Fedosov) over 6 years ago

much needed patch, I often used gost-crypt

Updated by jeremyevans0 (Jeremy Evans) almost 4 years ago

I submitted a pull request to ruby-openssl to use OPENSSL_config:

Updated by jeremyevans0 (Jeremy Evans) over 3 years ago

  • Status changed from Assigned to Closed

After some research by @ioquatix (Samuel Williams), OpenSSL 1.1.0+ should now work correctly and we should not need this setting. If this doesn't work for you with OpenSSL 1.1.0+, or you would like like Ruby to support older versions of OpenSSL with this feature, please reopen the pull request:


Also available in: Atom PDF