Bug #10613: SNI is not optional when using TLS - Ruby - Ruby Issue Tracking System

Bug #10613

Updated by nobu (Nobuyoshi Nakada) over 10 years ago

If ruby is using openssl with TLS extensions, and we attempt to connect to a server which supports TLS, but not SNI, the connection fails. 

 e.g.: 

 ~~~Ruby 
 uri = URI.parse("https://example.com") # a server that supports TLSv1 but not the TLS extensions 
 http = Net::HTTP.new(uri.host, uri.port) 
 http.use_ssl = true 
 http.ssl_version = :TLSv1 
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER 
 response = http.get(url) 
 ~~~ 
 ~~~ 
 

 OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello B: parse tlsext 
 ~~~ 

 If I patch the `Net::HTTP#connect` Net::HTTP#connect method to not assign the hostname to the socket (s), we can avoid this error.

Back

Project

General

Profile

Ruby

Bug #10613