SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A

[mauro-oto]

Hello!

I am getting the following exception when first communicating with the API via Savon:

HTTPI::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/httpi-2.4.2/lib/httpi/adapter/net_http.rb:51:in `rescue in request'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/httpi-2.4.2/lib/httpi/adapter/net_http.rb:33:in `request'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/httpi-2.4.2/lib/httpi.rb:161:in `request'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/httpi-2.4.2/lib/httpi.rb:127:in `get'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/wasabi-3.5.0/lib/wasabi/resolver.rb:43:in `load_from_remote'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/wasabi-3.5.0/lib/wasabi/resolver.rb:33:in `resolve'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/wasabi-3.5.0/lib/wasabi/document.rb:142:in `xml'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/wasabi-3.5.0/lib/wasabi/document.rb:160:in `parse'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/wasabi-3.5.0/lib/wasabi/document.rb:147:in `parser'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/wasabi-3.5.0/lib/wasabi/document.rb:64:in `soap_actions'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/savon-2.11.1/lib/savon/operation.rb:22:in `ensure_exists!'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/savon-2.11.1/lib/savon/operation.rb:15:in `create'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/savon-2.11.1/lib/savon/client.rb:32:in `operation'
    from /home/deployer/27shops.com/shared/bundle/ruby/2.1.0/gems/savon-2.11.1/lib/savon/client.rb:36:in `call'

I've tried using ssl_version: :TLSv1 instead in the Savon client, and it works. Apparently, AFIP doesn't support SSLv2/3. This is our current monkeypatch:

module Bravo
  class Reference
    def self.set_client
      opts = { wsdl: Bravo::AuthData.wsfe_url }.merge! Bravo.logger_options
      @client = Savon.client(opts.merge(ssl_version: :TLSv1))
    end
  end
end

Does it make sense to submit a PR to make sure that we use TLSv1 as default in every Savon.client?

Let me know!

[leanucci]

At a first glance, looks like the fix is correct. Even tho I've never run into this error before, AFIP tends to be very secretive about their changes, which makes this harder to identify.

Can you provide more information about your environment? Ruby version, gemfile/lock? Thanks!