SSLv3 Alert Handshake Failure

[efdelacruz]

Hi fb_graph,

We encountered this error hours back,

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure): app/models/user.rb:435:in fb_auth_working?' app/controllers/home_controller.rb:35:inindex'

And here is the code block for 'fb_auth_working?' in our user model;

def fb_auth_working? begin fb_user = FbGraph::User.me( self.fb_access_token ) fb_user.fetch rescue FbGraph::Unauthorized => e return false end return true end

And then we were notified that Facebook has disabled their SSLv3 support aside from the SSLv3 vulnerability to Poodle; so in line with that, we have already disabled the usage of SSLv3 in our app server and upgraded our gems yet the error still continues to persist.

Only pages that go through our "fb_auth_working?" are affected by the SSL error.

Please advise.

Regards, Emery

[nov]

I couldn't reproduce the error, but I assume your openssl used in your ruby env are using SSL3. Can you provide which versions of these you're using?

• fb_graph gem
• httpclient gem
• ruby
• openssl (OpenSSL::OPENSSL_VERSION in irb)

ps. Disabling SSLv3 on your app server doesn't relate to your http client code.

[nov]

I've just found this tweet. It might help you. https://twitter.com/kevrone/status/522188166749769728

[vator]

Below are our gem versions:

fb_graph (2.6.4) httpclient (2.3.2) ruby 1.8.7 "OpenSSL 1.0.1 14 Mar 2012"

Thanks, Sheena

[nov]

httpclient 2.3.* uses SSLv3 as default. You can find the workaround here. https://github.com/nahi/httpclient/issues/202#issuecomment-59154062

[vator]

Hello,

Upgrading the httpclient seems to work on our end as well. Thank you for the prompt response.

Thanks, Sheena

[nov]

(y)

[nov]

oops, sorry, still not getting @efdelacruz's response.

[link82]

Thank you! Updated http_client to v. 2.4.0 and it worked! https://github.com/link82/fb_graph Tested in two websites and it worked perfecty.

[p3drosola]

This bug broke our fb login as well. @link82 's fix seems correct. Let's merge this!

:+1:

[bkoc]

same situation same fix :+1:

[rbmrclo]

:+1: on updating http_client to v2.4.0

[efdelacruz]

Hi there,

I'm on the same team with Sheena who replied earlier, so yes, our issue is solved with your suggestion.

Great thanks!

Regards, Emery

On Wednesday, October 15, 2014, Robbie Marcelo notifications@github.com wrote:

[image: :+1:] on updating http_client to v2.4.0

— Reply to this email directly or view it on GitHub https://github.com/nov/fb_graph/issues/372#issuecomment-59205077.

Emery F. dela Cruz2009-20633 (+63) 905 104 2575

BS Computer ScienceUniversity of the Philippines - Diliman UP Association for Computing Machinery - Student Chapter : Head of Logistics ('12-'13) UP Kustura : Logistics Committee member ('11-'13)

[furkanayhan]

same problem. When will you update the gem http://rubygems.org/gems/fb_graph ?

[nazmir]

Thanks for the prompt response. Upgrading to httpclient 2.4.0 resolved the issue for us too.

[nov]

are you still getting SSLv3 handshake error even with httpclient 2.4+?

[maurodias]

I'am but only in production... what can it be ?