Gem busted on MacOS builds because of TLSv1 issue

mattm · June 20, 2018, 4:48pm

This morning we started seeing gem fail to build with this error:

Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert protocol version

I confirmed it was an openSSL version issue:

bash-3.2$ openssl s_client -connect rubygems.org:443
CONNECTED(00000003)
608:error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/ssl/s23_clnt.c:593:

In lieu of a system upgrade, we ended up using DYLD flags to point ruby at the homebrew-installed openssl version (which fixes it), but this is definitely a hack.

export HOMEBREW_OPENSSL_LIB=/usr/local/opt/openssl/lib
# Use the homebrew openssl 1.0
cp $HOMEBREW_OPENSSL_LIB/libcrypto.1.0.0.dylib $HOMEBREW_OPENSSL_LIB/libcrypto.0.9.8.dylib
cp $HOMEBREW_OPENSSL_LIB/libssl.1.0.0.dylib $HOMEBREW_OPENSSL_LIB/libssl.0.9.8.dylib
# Copy ruby to /tmp/ because we can't change DYLD flags on restricted bins
cp `which ruby` /tmp/ruby
# Run gem w/the homebrew lib
sudo DYLD_LIBRARY_PATH=/usr/local/opt/openssl/lib /tmp/ruby `which gem` install [...]

marc · June 20, 2018, 5:14pm

Thanks for posting.

What version of xcode are you using? And was this an issue on CircleCI 1 or 2?

Thanks,

Marc

simonh1000 · June 21, 2018, 6:19am

Seeing this too with a CI2.0 system. Not a single build works now.

Our CI gurus are away at present so really need step-by-step instructions on how to fix this

mattm · June 21, 2018, 9:13am

This is CircleCI 2 on Xcode 9.0

fernfernfern · June 21, 2018, 9:15am

Hello,

This is a known issue that will happen occasionally with rubygems.org. You can find more information and a solution here on their website:

https://guides.rubygems.org/ssl-certificate-update/#installing-using-update-packages

halfer · June 21, 2018, 10:18am

Your bus number is presently zero, which is probably a business risk that needs addressing!

mattm · June 22, 2018, 2:55am

I don’t think this is the same issue as you noted here. The error in my case is tlsv1 alert protocol version.

system · September 20, 2018, 3:03am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ERROR: Could not find a valid gem 'bundler' (>= 0) Build Environment ios , circle-yml , 2.0	2	4816	October 22, 2019
SSL error when build is download gems Build Environment rubygems	0	920	July 16, 2019
How can I install the ruby gem openssl version 2.2.1 Build Environment	1	4367	February 1, 2023
Homebrew stopped to download openssl@1.1 Feedback & Bug Reports circle-yml , homebrew	2	3588	April 19, 2021
Somehow it happened there is no executable 'openssl' Build Environment	2	2217	June 18, 2018

Gem busted on MacOS builds because of TLSv1 issue

Related topics