From: eddyhkim@... Date: 2014-12-17T23:02:51+00:00 Subject: [ruby-core:66929] [ruby-trunk - Bug #10613] SNI is not optional when using TLS Issue #10613 has been updated by Eddy Kim. sorry, this was my first ticket, so didn't see the bug reporting guidelines until now: ruby 1.9.3p484 (2013-11-22 revision 43786) [x86_64-linux] (although the patch is against 2.1) And this should go to naruse, though I can't seem to edit the issue metadata to assign it to him. :( ---------------------------------------- Bug #10613: SNI is not optional when using TLS https://bugs.ruby-lang.org/issues/10613#change-50473 * Author: Eddy Kim * Status: Open * Priority: Normal * Assignee: * Category: lib * Target version: * ruby -v: 2.1 * Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN ---------------------------------------- If ruby is using openssl with TLS extensions, and we attempt to connect to a server which supports TLS, but not SNI, the connection fails. e.g.: uri = URI.parse("https://example.com") # a server that supports TLSv1 but not the TLS extensions http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true http.ssl_version = :TLSv1 http.verify_mode = OpenSSL::SSL::VERIFY_PEER response = http.get(url) OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello B: parse tlsext If I patch the Net::HTTP#connect method to not assign the hostname to the socket (s), we can avoid this error. ---Files-------------------------------- optional-sni.patch (1019 Bytes) -- https://bugs.ruby-lang.org/