OpenSSL 'no ciphers' error on OS X when using Net::HTTP


#1

OpenSSL::SSL::SSLError: SSL_CTX_new:: library has no ciphers

This error is thrown whenever I use anything that uses Net::HTTP. OS X
Tiger, ruby 1.8.2 (2004-12-25) [powerpc-darwin8.2.1]

What could it mean?

Joshua Sierles


#2

It means that the ruby that ships with OS X is busted and you’ll need
to compile from source or use something like darwin ports or fink.

-Jonathan


#3

On 12/19/05, Jonathan Y. removed_email_address@domain.invalid wrote:

It means that the ruby that ships with OS X is busted and you’ll need
to compile from source or use something like darwin ports or fink.

Does anyone know if the last security update (2005-009), which
included an upgrade to OpenSSL 0.9.7i, fixed this problem? Or affected
it in any way?

More info on the update:

http://docs.info.apple.com/article.html?artnum=302847


Chris B.

http://hypsometry.com/ : website edification
http://uvlist.org/ : free classifieds for the Upper Valley


#4

Jonathan Y. wrote:

It means that the ruby that ships with OS X is busted and you’ll need
to compile from source or use something like darwin ports or fink.

-Jonathan

I’m getting the same error. However, I have installed ruby via
DarwinPorts. For kicks, I also installed the “fixed” rbconfig.rb file
in my machine as detailed here
(http://wiki.rubyonrails.com/rails/pages/RailsOnOsx#5) and have also
disabled Apple’s Ruby by renaming it to /usr/bin/ruby.apple.

Is there anything else I should be doing?


#5

Try ruby 1.8.3? gem update everything?


#6

Kyle M. wrote:

Try ruby 1.8.3? gem update everything?

No, I haven’t… mainly because the main RubyOnRails.com recommends
1.8.2 for use with Rails. I’m also already up-to-date with everything I
installed with Gem.


#7

On Dec 29, 2005, at 12:44 PM, Ed C. wrote:

Anyone –

Was a solution to this ever found? (I’m having the same issue, when
trying to to “./script plugin discover”)

Regards,
EJC

Anyone?

I’m also in the “I compiled Ruby myself and I’m still getting this
troublesome message” group.

Duane J.
(canadaduane)
http://blog.inquirylabs.com/


#8

On Dec 29, 2005, at 12:44 PM, Ed C. wrote:

Anyone –

Was a solution to this ever found? (I’m having the same issue, when
trying to to “./script plugin discover”)

Regards,
EJC

Just to be more specific, here’s what I’m seeing:

86$ ruby script/plugin discover
/opt/local/lib/ruby/1.8/net/protocols.rb:38:in new': SSL_CTX_new:: library has no ciphers (OpenSSL::SSL::SSLError) from /opt/local/lib/ruby/1.8/net/protocols.rb:38:ininitialize’
from /opt/local/lib/ruby/1.8/net/http.rb:430:in open' from /opt/local/lib/ruby/1.8/net/http.rb:430:indo_start’
from /opt/local/lib/ruby/1.8/net/http.rb:419:in start' from /opt/local/lib/ruby/1.8/net/http.rb:324:instart’
from /opt/local/lib/ruby/1.8/open-uri.rb:544:in proxy_open' from /opt/local/lib/ruby/1.8/open-uri.rb:525:indirect_open’
from /opt/local/lib/ruby/1.8/open-uri.rb:169:in open_loop' ... 12 levels... from /opt/local/lib/ruby/site_ruby/1.8/rubygems/ custom_require.rb:21:inrequire__’
from /opt/local/lib/ruby/site_ruby/1.8/rubygems/
custom_require.rb:21:in require' from /opt/local/lib/ruby/gems/1.8/gems/activesupport-1.2.5/ lib/active_support/dependencies.rb:214:inrequire’
from script/plugin:3

Duane J.
(canadaduane)
http://blog.inquirylabs.com/


#9

Anyone –

Was a solution to this ever found? (I’m having the same issue, when
trying to to “./script plugin discover”)

Regards,
EJC

Brian Coates wrote:

Kyle M. wrote:

Try ruby 1.8.3? gem update everything?

No, I haven’t… mainly because the main RubyOnRails.com recommends
1.8.2 for use with Rails. I’m also already up-to-date with everything I
installed with Gem.


#10

I installed from darwinports – ruby 1.8.2, which included a
dependency for OpenSSL 0.9.8a

I see the exact same error as Duane.


#11

On Jan 8, 2006, at 11:20 PM, Duane J. wrote:

Anyone?

I’m also in the “I compiled Ruby myself and I’m still getting this
troublesome message” group.

Duane J.
(canadaduane)
http://blog.inquirylabs.com/

Whenever I have seen this problem on OSX it has been because of the
need to compile ruby with Open-SSL support built in. So you might
need to try and recompile ruby and make sure to use the flags to show
it where your Open-SSL install is located. I don’t know the commands
offhand but I remember doing this a long time ago.

HTH-
-Ezra Z.
Yakima Herald-Republic
WebMaster
http://yakimaherald.com
509-577-7732
removed_email_address@domain.invalid


#12

On Jan 9, 2006, at 9:39 AM, Ezra Z. wrote:

(canadaduane)
http://blog.inquirylabs.com/

Whenever I have seen this problem on OSX it has been because of the
need to compile ruby with Open-SSL support built in. So you might
need to try and recompile ruby and make sure to use the flags to
show it where your Open-SSL install is located. I don’t know the
commands offhand but I remember doing this a long time ago.

Thanks, Ezra. Got me started in the right direction.

I followed the instructions at http://hivelogic.com/articles/
2005/12/01/ruby_rails_lighttpd_mysql_tiger and got it all to work.

Duane J.
(canadaduane)
http://blog.inquirylabs.com/


#13

Duane,

How did you compile ruby against openssl? What flags did you set?

Thanks,
EJC


#14

On Jan 9, 2006, at 6:09 PM, Ed C. wrote:

Duane,

How did you compile ruby against openssl? What flags did you set?

Thanks,
EJC

I didn’t do anything special. Just followed the directions given on
that page. Are you coming across some error messages?

Duane J.
(canadaduane)
http://blog.inquirylabs.com/


#15

No, I hadn’t tried it yet – wanted to make sure I got it right the
first (ok, second) time :wink:

Diving in now.

Thanks!


#16

On Jan 9, 2006, at 6:12 PM, Duane J. wrote:

I didn’t do anything special. Just followed the directions given
http://lists.rubyonrails.org/mailman/listinfo/rails
OK. This is a hack, and I can’t believe I’m posting it on a public
mailing list.

But if you all you need is to grab HTML via Net::HTTP, you can just
comment out line 38 in protocols.rb and non-SSL gets will work.