Localeapp commands resultin in SSLv3 handshake failures
holli opened this issue · 4 comments
Localeapp pull or update doesn't work currently. Tested on two different systems, ubuntu and mac.
$ localeapp pull
Localeapp Pull
Fetching translations:
error: SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure
Has there been some Poodle-exploit related fixes on your server?
My guess is that localeapp gem tries to use old type of handshake. But I'm not sure what part finally handles the ssl handshakes etc.
- Are you going to do something on the server so that it will be fixed?
- Is there a gem update coming up?
- Some way of getting more logging out of localeapp so that it tells more whats causing the problem?
Hi @holli,
Yes, Heroku have decided to disable SSL v3 in response to POODLE, so while we're not vulnerable to that exploit sslv3 will not work.
I'm not really sure what we can do to remedy this to be perfectly honest. Are you able to use SSLv2?
Yeah we would be able to use it probably. But I think it has to be forced the original connect that localeapp gem makes. So when initializing the connection gem should make sure that its not using wrong type. Or some option to force it somewhere.
OK, that's definitely something I can look into.
On 17 Oct 2014, at 13:43 pm, Olli Huotari notifications@github.com wrote:
Yeah we would be able to use it probably. But I think it has to be forced the original connect that localeapp gem makes. So when initializing the connection gem should make sure that its not using wrong type. Or some option to force it somewhere.
—
Reply to this email directly or view it on GitHub.
Yep. Working well. Thanks.